The latest version of the OWASP Automated Threat Handbook, which defines a common language to identify and classify automated threats to web applications and provides relevant countermeasures, is available to download as a free PDF or can be purchased in print from Lulu:

https://www.lulu.com/shop/colin-watson-and-tin-zaw/owasp-automated-threat-handbook/paperback/product-w4wj7qq.html

#bots #badbots #automatedthreats #appsec #infosec #informationsecurity #devops #threatmodelling #owasp @owasp

Everyone has different needs and faces different dangers when their personal data gets exposed. To give actionable privacy advice, it's essential to consider each person's unique situation.

👤 Learn more on how to evaluate each person's threat model.

🧰 Check our Privacy Activist Toolbox tip to Consider Everyone's Unique Situation: https://www.privacyguides.org/en/activism/toolbox/tip-consider-everyones-unique-situation/

#PrivacyGuides #Activism #PrivacyActivistToolbox #Privacy #ThreatModelling

A couple of interesting links on SD-WAN security:

* https://www.mplify.net/wp-content/uploads/MEF_88.pdf - securing application flows in SD-WAN solutions (vendor neutral)
* https://arxiv.org/pdf/1811.04583 - focusses on orchestration, management and control (iterates through all the various vendors)

#threatmodelling

In tomorrow's OWASP 25th Anniversary Virtual Conference, two talks include mention of the OWASP Cornucopia card game.

In "Stop Lecturing, Start Playing" at 11:00 CET Johan Sydseter will discuss how you can utilize games to scale your application security program. And in "Connecting the dots" at 14:00 Max Alejandro Gómez Sánchez Vergaray will share his experiences of creating an AppSec programme.

#appsec #threatmodelling #software #applicationsecurity #owasp @sydseter

https://owasp.glueup.com/event/owasp-25th-anniversary-virtual-conference-164290/#agenda

Application security specialist @sydseter mentioned to me this comprehensive web page by @adamshostack listing information security and privacy table-top games, including the card games OWASP Cornucopia @owasp and Digital Benefits and Disbenefits Cornucopia @DBD_Cornucopia

Game on!

#infosec #appsec #privacy #threatmodelling #ssdlc #gamification #games

Shostack + Associates > Tabletop Security Games + Cards
https://shostack.org/games

Another day, another threat model. Credit card company wants to know what they should be on the lookout for by way of discovery, lateral movement and C2 and exfiltration from their micro-segmentation solution as easy wins.

#threatmodelling

At #fosdem2026 and wondering what security issues to focus on for your #OSS project?

I'm running a security workshop/threat modelling session in the foyer of F1, ground floor, where the Club Mate is being sold. Look for the paper signs by the inner door!

My day job is security and platform engineering, so can particularly help around APIs, cloud, and LLM Agents but willing to help how I can!
#fosdem
#security
#threatmodelling

On Architectural Literacy

I’ve been reflecting on how technical grounding influences architectural judgement — especially in distributed, cloud-native systems.

https://islandinthenet.com/on-architectural-literacy/

Occasionally, I get to do interesting, impactful things. Here's where I built a service and took it GA at Cisco-scale:

https://blogs.cisco.com/customerexperience/cisco-launches-global-threat-modeling-security-assessment-service-for-threat-informed-defense

#threatmodelling

baby's first (and second and third) cybersecurity webinar #threatmodelling https://www.youtube.com/playlist?list=PLZZm-bziLK_3vhMHICBardikeg-o2Wz5J