Uncle Joe
@sydseter.com
Co-leader OWASP Cornucopia. If you like what we do for open source, visit our code repository https://github.com/OWASP/cornucopia and give us a star ⭐ 🌈 «Difference is of the essence of humanity» 🦄 – John Hume #appsec #owasp #cornucopia #threatmodeling
Pinned
sydseter.com
If you want others to do threat modeling for you, then please, for the love of god, at least, make it a bit fun!
copi.owasp.org
cornucopia.owasp.org
#owasp #cornucopia #appsec #threatmodeling #threat-modeling
Reposted by Uncle Joe
sydseter.com
There was an article in the Norwegian news today that the number of asylum seekers from the USA has increased by 300% (year-on-year). In September the number was the same as the whole of 2024. Many of the people are afraid because of their sexual orientation, fearing for their life if they return
Reposted by Uncle Joe
sydseter.com
Here is what I think. By the end of 2025 the increase of political refugees to Europe, in general, will probably be more than 300%.
Reposted by Uncle Joe
sydseter.com
–The political violence puts the lives of transgender people, LGBTQ people, disabled people and people with dark skin at risk, says Amelia, who came to Norway six months ago and lives in an asylum reception center in Trondheim. –My father has ancestors from Western Norway. That's why I chose Norway
Reposted by Uncle Joe
sydseter.com
In September, Norway had more refugees from the USA than from Somalia.
sydseter.com
Are you sure Norway is the only country that receives refugees from USA?
Reposted by Uncle Joe
owasp.org
Join Dawid Czagan at OWASP Global AppSec US 2025 in Washington, D.C.!

Don’t miss this chance to train with one of the field’s leading experts before the main conference.

👉 Register now: owasp.glueup.com/eve...

#OWASP #AppSec #Pentesting #Cybersec #Infosec #WashingtonDC
Reposted by Uncle Joe
adamshostack.bsky.social
Publish your threat models!

Not convinced?

I'll be hosting a talk with OSTIF on Oct 29 @ 2pm CT for you to ask me questions.

Register now and have your questions, thoughts, and comments ready!

luma.com/6fvp6orm
Threat Modeling w/ Adam Shostack · Zoom · Luma
Description Publish your threat models! This talk will cover the idea of publishing threat models, the dangers associated with the idea, and why open source…
luma.com
sydseter.com
Why should you care? Strategically, it's very important that CISOs and CTOs understand that the AI revolution means business as usual regarding security. It may make us faster when we improve our automation with AI, but it doesn't make us more secure.
sydseter.com
The finding by Omer Mayraz regarding GitHub Copilot data exfiltration demonstrates why the AI revolution has shifted the balance of power from the cyber defender to the attacker. These systems have a stochastic nature, making attacking easier than defending. www.securityweek.com/github-copil...
GitHub Copilot Chat Flaw Leaked Data From Private Repositories
A vulnerability in the GitHub Copilot Chat AI assistant led to sensitive data leakage and full control over Copilot’s responses.
www.securityweek.com
Reposted by Uncle Joe
nest.owasp.org
🎉 Big news from the OWASP Nest Team! 🎉

We're thrilled to share that OWASP Nest has officially been promoted from the Incubator level to the Lab level!

www.linkedin.com/feed/update/...
sydseter.com
We are always looking for volunteer contributors. Get in touch if you can program Typescript, Python or Elixir!
Get that CV of yours fit for employment!
sydseter.com
The great thing about contributing to OWASP Cornucopia is that you can immortalize yourself. So though I can’t escape this mortal world, I will survive as a threat actor in @threatdragon.bsky.social and hopefully end up as a bug in your issue tracking system where I will haunt your waking hours.
Reposted by Uncle Joe
sydseter.com
Whenever a DM talks about replacing developers with AI, remember that it’s not a novel idea and that you probably have heard it before, told slightly differently.
sydseter.com
We are always looking for volunteer contributors. Get in touch if you can program Typescript, Python or Elixir and get that CV of yours fit for employment!
sydseter.com
We just had our 5th minor release in one year. Just wait for what comes next. This is what we have done over the last 13 months. If you like what we do for open source, visit our code repository github.com/OWASP/cornuc... and give us a star ⭐️

1.22.0: 
Translated decks in Spanish, French, Dutch, Portuguese (pt-br), Norwegian
Support for multi-editions, leaflets, guids and languages
Build and release pipeline for physical prints
2.0.0: 
Released OWASP Cornucopia Mobile App Edition 1.0
Released OWASP Cornucopia Website App Edition 2.0
Updated ASVS mapping from version 3.0 to 4.0.3
New Case design
New Logo 
2.1.0: 
New website released https://cornucopia.owasp.org with card taxonomy
QR codes on each card that take you to the new website
New translations in Italian and Portuguese (pt-pt), Russian
2.2.0: 
Released https://copi.owasp.org
2.3.0: 
Released Elevation of MLSec at https://copi.owasp.org
2.4.0: 
Released OWASP Cumulus at https://copi.owasp.org
Reposted by Uncle Joe
owasp.org
📢 Exciting news! The Call for Trainers for our 2026 Global AppSec EU is now live! Got valuable content to share? Don't miss this opportunity to contribute to our community. Submit your proposal today at:
OWASP Global AppSec EU (Vienna) 2026 - CFT : Call for Sessions
OWASP Global AppSec Training Days are known for their top notch trainers and in-depth course material.  The OWASP Foundation would like to invite you ...
sessionize.com
Reposted by Uncle Joe
owasp.org
Calling all devs, hackers, and AppSec humans!
OWASP Contributor Fair = your chance to connect with OWASP projects + start contributing IRL. Register Project here: form.jotform.com/252...
Reposted by Uncle Joe
sydseter.com
How do you get your dev team to shift left for real?

Shift-left doesn't start with scanning code for vulnerabilities; it begins with designing it.

Play yourself secure with OWASP Cornucopia Website Edition v2.2!

dev.to/owasp/how-do-you-get-your-dev-team-to-shift-left-by-themselves-for-real-3eap
How do you get your dev team to shift left by themselves for real?
Shift-left doesn't start with scanning the code for security vulnerabilities; it begins with...
dev.to
sydseter.com
Thanks to @jefmeijvis.com and dotNET lab for providing the latest material for the website, and to Jon Gadsden for helping out with the cross-references to the OWASP Developer Guide: devguide.owasp.org/en/04-design/02-web-app-checklist/

#security #appsec #shiftleft #owasp #cornucopia
Overview - OWASP Developer Guide
OWASP Foundation Developer Guide project
devguide.owasp.org