"Back in September 2025, we announced an investment in Open Web Docs by the Sovereign Tech Agency to create developer documentation on web security and privacy. This month we've completed the biggest section of the commissioned work: to update the web security documentation on MDN. In this post we'll have a look at what we've added, and what's coming up next.

The docs we've written for MDN consist of four main pillars: Attacks, Defenses, Threat modeling, and Authentication."

https://openwebdocs.org/content/posts/security-docs-sovereign-tech-agency/

#CyberSecurity #WebSecurity #WebDevelopment #ThreatModelling #Authentication

Web Security docs on MDN

Open Web Docs supports web platform documentation for the benefit of web developers & designers worldwide. We are a community of web developers, standards makers, and technology companies that rely on this documentation as critical digital infrastructure, and we work cooperatively to ensure its long-term success and maintenance.

Open Web Docs

The OWASP Cornucopia Web App Companion Set, which celebrates 25 years of the Open Web/World Application Security Project (OWASP), can be bought as a high-quality printed duplex deck from https://cybersecgames.com/collections/owasp-cornucopia-collection/products/owasp-cornucopia-web-app-with-companion-edition

My name appears in a few places. Being open source, all the data, code and source files are available free online https://cornucopia.owasp.org

@owasp #owasp #appsec #threatmodeling #infosec #devsecops #devops #ai #automation #cloud #webapps #cornucopia #threatmodelling #cybersecurity

The Website App Edition has also been joined by a deck to assist with threat modelling mobile app software, and the new Companion Edition. The Companion Edition adds suits with attacks related to Agentic AI, Cloud, Frontend, Large Language Models, DevOps and Automated Threats.

OWASP Cornucopia is open source, free to download/use.

2/2

#threatmodelling #threatmodeling #appsec #devops #softwaresecurity #owasp #owasp25thanniversary #cornucopia

@owasp
@adamshostack

Just received 4 copies of OWASP Cornucopia Web App Companion Set, which celebrates 25 years of The Open Web/World Application Security Project (OWASP). The duplex pack contains a deck of Website App Edition, a deck of the new Companion Edition, and a specially-written booklet. All the data, code and source files are available free online https://cornucopia.owasp.org

Well done CyberSec Games for doing such a great job printing (and selling) this unique pack.

#owasp #threatmodelling #appsec @owasp

After five years, The Digital Identity Event Horizon is published in full today: three problem statements, ten key findings, and dozens of recommendations across policy, protocol, legal, and social contexts.

It's the largest research study in New Design Congress' eight-year history: eight case studies, hundreds of citations, dozens of participants from government, intelligence, civil society, technology, and the field itself.

It is also, without exaggeration, the most alarming body of work we have ever produced.

The argument is straightforward and difficult to reckon with: Digital identity makes societies brittle. In 2026, we find ourselves in an era of digital identity fetishism: flawed age verification schemes, biometric and facial-recognition authenticators, and fragile state-backed identity programmes are rolling out at an unprecedented rate. And every one of them, whether current or emerging, remains vulnerable to social engineering. The success rate for a non-technical attack on a user is now three out of four. These attacks cost US companies an estimated $1.6 billion in the five years to 2017 alone; by 2024, fraud runs to hundreds of billions worldwide.

READ IT HERE https://newdesigncongress.org/en/report/2026/the-digital-identity-event-horizon/

#digitalidentity #privacy #eupol #did #politics #threatmodelling

DBD Cornucopia is now available for teams to play online. Free to use, no registration, no tracking.

Thank you Adarsh Kumar @Adarshkumar0509 from OWASP Cornucopia (open source security threat modelling of software) for adding Digital Benefits and Disbenefits Cornucopia to their Copi online gaming engine.

https://copi.owasp.org/

#welfarebenefits #socialprotection #egovernment #servicedesign #threatmodelling #harms #hci

📆 15-17 June 2026

As part of the @webhackfest, W3C has proposed a breakout session to collaboratively map the Web Security Model, including components, assumptions, trust boundaries, and responsibilities of the Web Platform, with the output feeding the Threat Model for the Web and future security-by-design boilerplate for Web APIs.
https://www.w3.org/events/talks/2026/web-security-model-mapping-collaboratively-the-security-baseline-of-the-web-platform/
#WebHackfest #WebStandards #WebSecurity #ThreatModelling

Web Security Model: mapping collaboratively the security baseline of the Web Platform

Collaborative breakout to map the Web Security Model aiming to feed the Threat Model for the Web and security-by-design Web APIs boilerplate

W3C

Very pleased to see the way the new OWASP Cornucopia Companion Edition software threat-modelling game deck looks in print. Thanks to all the volunteers who created it, and made this release happen.

Source data and print-ready files available for free in the project repository // Play for free online // Print your own decks // Buy professionally-printed decks.

https://cornucopia.owasp.org/news/20260508-companion-edition

#owasp #threatmodelling #appsec #devops #software #devsecops @owasp

OWASP Cornucopia, first created in 2012

Could something be skipping through the "customer interaction" points in your application?

BOT3 from the OWASP Cornucopia Companion illustrates how automation at scale can be used on gambling sites to make bets fast & furiously, skipping past all the checks and balances, warnings, up-selling and regulatory information.

Read the whole scenario at https://cornucopia.owasp.org/edition/companion/BOT3/1.0/en

Details of new release at https://cornucopia.owasp.org/news/20260508-companion-edition

@owasp #appsec #devops #devsecops #threatmodelling #eop #owasp #cornucopia

Open source and free. Download print-ready files and play Cornucopia together, browse the cards online, or play games online with remote team members.

https://cornucopia.owasp.org

https://copi.owasp.org

If you prefer, printed decks are available to purchase from a vendor as a dual-packaged Website App Edition x Companion Edition combination set:

https://cybersecgames.com/pages/owasp-cornucopia-threat-modeling-collection

@owasp #owasp #cornucopia #eop #stride #threatmodelling #devops #devopsec #appsec #infosec

2/2

OWASP Cornucopia - Threat modeling for everyone

OWASP Cornucopia is a mechanism in the form of a card game to assist software development teams identify security requirements in Agile, conventional and formal development processes.