Neil Madden<p>Have been playing with developing some threat trees for STRIDE-per-Element <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a> Still quite rough.</p><p><a href="https://codeberg.org/neilmadden/stride-threat-trees/src/branch/main/README.md" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">codeberg.org/neilmadden/stride</span><span class="invisible">-threat-trees/src/branch/main/README.md</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
mathstodon.xyz is one of the many independent Mastodon servers you can use to participate in the fediverse.
A Mastodon instance for maths people. We have LaTeX rendering in the web interface!
Administered by:
Server stats:
2.8Kactive users
mathstodon.xyz: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.8
#threatmodeling
1 post · 1 participant · 0 posts today
Paco Hope #resist<p>I have seen a lot of efforts to use an <a href="https://infosec.exchange/tags/LLM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LLM</span></a> to create a <a href="https://infosec.exchange/tags/ThreatModel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatModel</span></a>. I have some insights. </p><p>Attempts at <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> <a href="https://infosec.exchange/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatModeling</span></a> tend to do 3 things wrong:</p><ol><li>They assume that the user's input is both complete and correct. The LLM (in the implementations I've seen) never questions "are you sure?" and it never prompts the user like "you haven't told me X, what about X?"</li><li>Lots of teams treat a threat model as a deliverable. Like we go build our code, get ready to ship, and then "oh, shit! Security wants a threat model. Quick, go make one." So it's not this thing that informs any development choices <em>during development</em>. It's an afterthought that gets built just prior to <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppSec</span></a> review.</li><li>Lots of people think you can do an adequate threat model with only technical artifacts (code, architectuer, data flow, documentation, etc.). There's business context that needs to be part of every decision, and teams are just ignoring that.</li></ol><p>1/n</p>
OWASP Foundation<p>Get pumped for <a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OWASP</span></a> Global <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppSec</span></a> EU in May! Enhance your experience by becoming a Mentor and building lasting connections while assisting others on their journey! Don't miss out, sign up here: <a href="https://owasp.wufoo.com/forms/zk2cdkr1qla6o8/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">owasp.wufoo.com/forms/zk2cdkr1</span><span class="invisible">qla6o8/</span></a> 🚀 <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a> <a href="https://infosec.exchange/tags/Barcelona" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Barcelona</span></a> <a href="https://infosec.exchange/tags/devsecops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>devsecops</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a></p>
Adam Shostack :donor: :rebelverified:<p>My <a href="https://infosec.exchange/tags/Appsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Appsec</span></a> roundup for April is live. No blow by blow masto post this time because i have to head to the airport soon for <a href="https://infosec.exchange/tags/rsac" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rsac</span></a> </p><p>Lots of <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a>, important improvements to <a href="https://infosec.exchange/tags/llm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>llm</span></a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> and more</p><p><a href="https://shostack.org/blog/appsec-roundup-april/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">shostack.org/blog/appsec-round</span><span class="invisible">up-april/</span></a></p>
Lenin alevski 🕵️💻<p>New Open-Source Tool Spotlight 🚨🚨🚨</p><p>"Threat-Informed Defense" isn't just a buzzword. The Center for Threat-Informed Defense bridges MITRE ATT&CK with actionable tools like Adversary Emulation Plans and the Attack Workbench, empowering defenders to stay ahead of real-world TTPs. <a href="https://infosec.exchange/tags/CyberDefense" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberDefense</span></a> <a href="https://infosec.exchange/tags/MITREATTACK" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MITREATTACK</span></a> </p><p>Want to map security controls to adversary behavior? Check out Mappings Explorer by the Center for Threat-Informed Defense. It aligns your defense strategy directly with the MITRE ATT&CK framework. Precision matters. <a href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatIntelligence</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> </p><p>Attack Flow helps you visualize how attackers chain techniques into full-scale operations. An indispensable tool for understanding and mitigating attack sequences. Powered by the Center for Threat-Informed Defense. <a href="https://infosec.exchange/tags/SOCtools" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOCtools</span></a> <a href="https://infosec.exchange/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatModeling</span></a> </p><p>TRAM leverages automation to map CTI reports directly to MITRE ATT&CK tactics and techniques. Less manual work, more actionable insights. Open-source ingenuity at its best. <a href="https://infosec.exchange/tags/CyberThreats" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberThreats</span></a> <a href="https://infosec.exchange/tags/MITREATTACK" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MITREATTACK</span></a> </p><p>Building effective cyber analytics requires depth; "Summiting the Pyramid" delivers frameworks to challenge adversary evasion strategies. A research-backed way to harden defenses. <a href="https://infosec.exchange/tags/CyberAnalytics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberAnalytics</span></a> <a href="https://infosec.exchange/tags/ThreatHunting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatHunting</span></a></p><p>🔗 Project link on <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHub</span></a> 👉 <a href="https://github.com/center-for-threat-informed-defense" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/center-for-threat-i</span><span class="invisible">nformed-defense</span></a></p><p><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Software</span></a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Technology</span></a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>News</span></a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CTF</span></a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecuritycareer</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redteam</span></a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blueteam</span></a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>purpleteam</span></a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tips</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cloudsecurity</span></a></p><p>— ✨<br>🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴☠️</p>
Neil Madden<p>As you might have guessed I’m doing a lot of thinking about <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a> recently. The one area I think where STRIDE could perhaps do with updating is an increased focus on privacy. I’ve been toying with STRIPED - ie adding Privacy Violation to the list. What do people reckon - is this a good idea, or is privacy its own thing that should be treated separately (eg with LINDUN)?</p>
Neil Madden<p>I've updated the illuminated security <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a> workbook, designed for either pen&paper or <a href="https://infosec.exchange/tags/reMarkable2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reMarkable2</span></a> use. It's now a lot more detailed and with hyperlinked sections. At some point I'll get around to documenting how to use it, but if you've read <span class="h-card" translate="no"><a href="https://infosec.exchange/@adamshostack" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>adamshostack</span></a></span> 's book it should be self-explanatory. Entirely free to download, use etc - CC-BY-SA licensed.</p><p><a href="https://illuminated-security.com/threat-modelling-workbook-2/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">illuminated-security.com/threa</span><span class="invisible">t-modelling-workbook-2/</span></a></p>
Neil Madden<p>I generally do some form of STRIDE-per-Element when threat modelling. But I find “spoofing” threats don’t sit well with the others in this methodology. (Is spoofing a process a threat to that process or to its interactors?) I find it much more natural to consider spoofing as a dataflow threat rather than as a threat to a process/datastore/external entity. Although this can result in duplication (if the same endpoint is involved in lots of dataflows), I find it useful to explicitly consider the potential impact of the “same” threat on each flow. </p><p>What do others think?<br><a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a></p>
OWASP Foundation<p>Are you ready for <a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OWASP</span></a> Global <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppSec</span></a> EU? 🚀 Be part of the action as a volunteer! Your contribution can make a real impact. Fill out the form today to join something incredible! Don't miss out, sign up here: <a href="https://owasp.wufoo.com/forms/z1jihpei0ws2e3v/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">owasp.wufoo.com/forms/z1jihpei</span><span class="invisible">0ws2e3v/</span></a> <a href="https://infosec.exchange/tags/devsecops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>devsecops</span></a> <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a></p>
GeneralX ⏯️<p>"The Signals Network (TSN) and the Reynolds Journalism Institute (RJI) are launching comprehensive training for journalists working with sensitive sources.</p><p>The training modules will live permanently on TSN’s website and be free to access."</p><p><a href="https://rjionline.org/news/protecting-the-protectors/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">rjionline.org/news/protecting-</span><span class="invisible">the-protectors/</span></a><br><a href="https://freeradical.zone/tags/journalism" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>journalism</span></a> <a href="https://freeradical.zone/tags/whistleblowers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>whistleblowers</span></a> <a href="https://freeradical.zone/tags/digitalsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>digitalsecurity</span></a> <a href="https://freeradical.zone/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a> <a href="https://freeradical.zone/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a></p>
OWASP Boston<p>Learn how to create resilient applications using <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a> with Nikunj Doshi & Kathan Shah at #<a href="https://infosec.exchange/tags/basc2025" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>basc2025</span></a> . Grab your ticket fast at <a href="http://www.basconf.org" rel="nofollow noopener noreferrer" target="_blank">www.basconf.org</a>. Limited tickets available. Sale ends tonight at 11 30 PM EST!</p>
OWASP Foundation<p>Get ready for an exhilarating time at <a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OWASP</span></a> Global <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppSec</span></a> EU this May! Imagine navigating between sessions, connecting with peers over coffee... Why not enhance your experience by becoming a Mentor? Sign up here: <a href="https://owasp.wufoo.com/forms/zk2cdkr1qla6o8/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">owasp.wufoo.com/forms/zk2cdkr1</span><span class="invisible">qla6o8/</span></a> 🚀 <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/devsecops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>devsecops</span></a></p>
Paco Hope #resist<p>Some of my colleagues at <a href="https://infosec.exchange/tags/AWS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AWS</span></a> have created an open-source <a href="https://github.com/awslabs/threat-designer" rel="nofollow noopener noreferrer" target="_blank">serverless #AI assisted #threatmodel solution</a>. You upload architecture diagrams to it, and it uses Claude Sonnet via Amazon Bedrock to analyze it.</p><p>I'm not too impressed with the threats it comes up with. But I am very impressed with the amount of typing it saves. Given nothing more than a picture and about 2 minutes of computation, it spits out a <em>very</em> good list of what is depicted in the diagram and the flows between them. To the extent that the diagram is accurate/well-labeled, this solution seems to do a very good job writing out what is depicted.</p><p>I deployed this "Threat Designer" app. Then I took the architecture image from <a href="https://medium.com/serverless-transformation/what-a-typical-100-serverless-architecture-looks-like-in-aws-40f252cd0ecb" rel="nofollow noopener noreferrer" target="_blank">this blog post</a> and dropped that picture into it. The image analysis produced some of the list of things you see attached.</p><p>This is a specialized, context-aware kind of OCR. I was impressed at boundaries, flows, and assets pulled from a graphic. Could save a lot of typing time. I was not impressed with the threats it identifies. Having said that, it did identify a handful of things I hadn't thought of before, like EventBridge event injection. But the majority of the threats are low value.</p><p>I suspect this app is not cheap to run. So <em>caveat deployor</em>. <br><a href="https://infosec.exchange/tags/cloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cloud</span></a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cloudsecurity</span></a> <a href="https://infosec.exchange/tags/appsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>appsec</span></a> <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a></p>
OWASP Boston<p>Learn with Aedan Lawrence how to apply a scalable approach to #<a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a> at OWASP BASC on April 5th (Saturday). Buy your tickets at <a href="http://www.basconf.org" rel="nofollow noopener noreferrer" target="_blank">www.basconf.org</a> <a href="https://infosec.exchange/tags/owasp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>owasp</span></a> <a href="https://infosec.exchange/tags/basc2025" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>basc2025</span></a> <a href="https://infosec.exchange/tags/owaspboston" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>owaspboston</span></a> <a href="https://infosec.exchange/tags/appsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>appsec</span></a></p>
OWASP Boston<p>We have Audrey Long explaining how to automate <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a> at BASC 2025. Buy your ticket at <a href="http://www.basconf.org" rel="nofollow noopener noreferrer" target="_blank">www.basconf.org</a> to grab a spot. <a href="https://infosec.exchange/tags/owasp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>owasp</span></a> <a href="https://infosec.exchange/tags/appsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>appsec</span></a> <a href="https://infosec.exchange/tags/basc2025" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>basc2025</span></a> #<a href="https://infosec.exchange/tags/basc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>basc</span></a></p>
OWASP Boston<p>Best way to spend $30 by learning about <a href="https://infosec.exchange/tags/ai" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ai</span></a>, <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a> & <a href="https://infosec.exchange/tags/mobilesecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mobilesecurity</span></a> ! Check out <a href="http://www.basconf.org" rel="nofollow noopener noreferrer" target="_blank">www.basconf.org</a> to register. Hurry up to grab a spot! <a href="https://infosec.exchange/tags/owasp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>owasp</span></a> <a href="https://infosec.exchange/tags/basc2025" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>basc2025</span></a> <a href="https://infosec.exchange/tags/appsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>appsec</span></a></p>
OWASP Foundation<p>🌟 Calling all potential speakers! 🌟 Here's your chance to shine at <a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OWASP</span></a> Global <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppSec</span></a> USA in Washington, DC this November! Share your expertise by submitting presentation proposals now! Don't miss out - apply here: <a href="https://sessionize.com/owasp-global-appsec-USA-2025-cfp2/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">sessionize.com/owasp-global-ap</span><span class="invisible">psec-USA-2025-cfp2/</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> <a href="https://infosec.exchange/tags/devsecops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>devsecops</span></a> <a href="https://infosec.exchange/tags/SBOMM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SBOMM</span></a> <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a></p>
OWASP Foundation<p>👀 OWASP Global AppSec EU 2025 Barcelona Day 1 Agenda Sneak Peek!</p><p>The full agenda is now live on our website, and we're kicking things off in Barcelona with an incredible first day! Join in on training sessions on AI Whiteboard Hacking, Full-Stack Pentesting, and iOS and Andriod App Security on day 1.</p><p>👉 <a href="https://owasp.glueup.com/event/owasp-global-appsec-eu-2025-123983/home.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">owasp.glueup.com/event/owasp-g</span><span class="invisible">lobal-appsec-eu-2025-123983/home.html</span></a></p><p><a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OWASP</span></a> <a href="https://infosec.exchange/tags/AppSecEU2025" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppSecEU2025</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DevSecOps</span></a> <a href="https://infosec.exchange/tags/AIsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AIsecurity</span></a> <a href="https://infosec.exchange/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatModeling</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Barcelona" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Barcelona</span></a></p>
Gary McGraw<p>Making automated Threat Modeling better with applied ML. A recorded webinar that I participate in yesterday.<br><a href="https://sigmoid.social/tags/MLsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MLsec</span></a> <a href="https://sigmoid.social/tags/ML" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ML</span></a> <a href="https://sigmoid.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://sigmoid.social/tags/swsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>swsec</span></a> <a href="https://sigmoid.social/tags/appsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>appsec</span></a> <a href="https://sigmoid.social/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a> </p><p><a href="https://www.youtube.com/playlist?list=PLpo8W6wt_WV-haEOL-nWyz5TKhJOJ5Gao" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">youtube.com/playlist?list=PLpo</span><span class="invisible">8W6wt_WV-haEOL-nWyz5TKhJOJ5Gao</span></a></p>
OWASP Foundation<p>The Full Agenda for OWASP Global AppSec EU 2025 is LIVE! 🎉 </p><p>Get ready for an unparalleled lineup of security experts, cutting-edge talks, and hands-on training sessions in Barcelona! Whether you specialize in DevSecOps, threat modeling, AI security, or AppSec automation, there’s something for everyone. </p><p>📍 Check out the full agenda and secure your spot today! <a href="https://owasp.glueup.com/event/owasp-global-appsec-eu-2025-123983/home.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">owasp.glueup.com/event/owasp-g</span><span class="invisible">lobal-appsec-eu-2025-123983/home.html</span></a></p><p><a href="https://infosec.exchange/tags/owaspglobalappseceu2025" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>owaspglobalappseceu2025</span></a> <a href="https://infosec.exchange/tags/Barcelona" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Barcelona</span></a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatmodeling</span></a> <a href="https://infosec.exchange/tags/devsecops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>devsecops</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/appsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>appsec</span></a> <a href="https://infosec.exchange/tags/SBOMM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SBOMM</span></a></p>
SearchLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload