Uncle Joe
@sydseter.com
Co-leader OWASP Cornucopia. If you like what we do for open source, visit our code repository https://github.com/OWASP/cornucopia and give us a star ⭐

🌈 «Difference is of the essence of humanity» 🦄 – John Hume

#appsec #owasp #cornucopia #threatmodeling
Pinned
If you want others to do threat modeling for you, then please, for the love of god, at least make it a bit fun!
copi.owasp.org
cornucopia.owasp.org
#owasp #cornucopia #appsec #threatmodeling #threat-modeling
Reposted by Uncle Joe
To all you AppSec people that are creating your own secure coding guide. Remember that there is this org called OWASP that might have this already. devguide.owasp.org/en/04-design/

It may not contain what you would like it to contain, but that is why it’s open source. Contributions are welcome!
Overview - OWASP Developer Guide
OWASP Foundation Developer Guide project
devguide.owasp.org
November 9, 2025 at 1:08 PM
Reposted by Uncle Joe
Did you know that according to ISO 27001, 8.28 Secure coding, pair programming, refactoring, and test-driven development are considered to be secure coding practices?
Next time someone asks, shh, just let it happen!
November 7, 2025 at 8:25 AM
The local Sri Lankan babysitter is cashing in on far-right sentiment in the UK using AI and deepfakes for clickbaiting. Can’t blame them for trying to earn the extra bucks, but what about the consequences for democracy?
Is democracy for sale on social media?
Should AI and social media play such a role?
November 8, 2025 at 11:08 AM
AI will be one of the biggest challenges yet to democracy around the world. Fascism just got an incredible tool added to its toolbox.
November 8, 2025 at 10:40 AM
OWASP Top 10 2025 is going live now at owasp.org/Top10/

New is:

A03:2025 Software Supply Chain Failures

and…

A10:2025 Mishandling of Exceptional Conditions

The last one is based on assessments done with OWASP SAMM core team members. I can take no credit here whatsoever. Congratulations!
November 6, 2025 at 7:02 PM
Games aren't just for fun, they're essential for our survival.
We often think of playing and gaming as unique to humans, but research shows otherwise. All animals with a brain play, even bumblebees.
These nine panels show the sequence of a ball-rolling action, lasting, in this instance, ca. 4 s. (1/4)
November 6, 2025 at 5:17 PM
Reposted by Uncle Joe
📡 OWASP Secure Headers Project:

- We added information about the HTTP response header "X-DNS-Prefetch-Control".
- We added the tool "shcheck" to the list of analysis tools.

#appsec #appsecurity #owasp_shp
November 5, 2025 at 5:28 AM
As in sex, the same goes for privacy, consent must be active, clear, knowing, ongoing, voluntary, and is always REQUIRED!

You don’t need to ask for consent until the user says yes repeatedly. I know that means you may not get lucky, but it’s an excellent way to ensure you keep your friendships.
November 4, 2025 at 7:07 AM
I am so tired of explaining to people about privacy and cookies, so here is an allegory for you.

As in sex, the same goes for privacy, consent must be active, clear, knowing, ongoing, voluntary and is always REQUIRED!
November 3, 2025 at 4:01 PM
OpenAI recently introduced Aardvark, the agentic security researcher. openai.com/index/introd...

You can actually set this up in a much less intrusive way with Copilot by using the Copilot code review functionality docs.github.com/en/copilot/c...
Introducing Aardvark: OpenAI’s agentic security researcher
Now in private beta: an AI agent that thinks like a security researcher and scales to meet the demands of modern software.
openai.com
November 1, 2025 at 8:59 AM
Consult with your physician
October 31, 2025 at 6:13 AM
Don’t get too addicted to those pills. Do it on weekends when it’s fun.
October 31, 2025 at 6:08 AM
Reposted by Uncle Joe
Ok Cyberz community bring on your #WednesdayWin stories!

For me:
- I've recently passed my 1yr mark at Checkmarx 🎉
- I've finished some #zaproxy rule and add-on work.
- I'm starting some #zaproxy core work 😁
October 29, 2025 at 3:27 PM
Don’t apologize for designing before coding, it’s called “thinking”.
October 29, 2025 at 7:06 AM
Reposted by Uncle Joe
Hey there, OWASP community! 🌟 We're on the hunt for volunteers to help out on Thursday and Friday at Global AppSec USA! 🙌 Score a free conference ticket by signing up for 2 shifts. Get in touch with us at [email protected] to get involved! 🚀 #OWASP #GlobalAppSecUSA
October 28, 2025 at 6:54 PM
🎉
"I DON'T NEED YOU TO FUCKING REWRITE WHAT I'VE JUST WRITTEN!"
October 28, 2025 at 1:03 PM
I am very happy to be given the opportunity to judge all the fantastic entries in this year’s CyberSec Games competition together with my fellow judges. Oh boy, has it been a tough choice. I am also very happy to say that we’ve had no information leaks yet, but stay tuned for the announcement!
October 28, 2025 at 7:02 AM