To all you AppSec people that are creating your own secure coding guide. Remember that there is this org called OWASP that might have this already. devguide.owasp.org/en/04-design/
It may not contain what you would like it to contain, but that is why it’s open source. Contributions are welcome!
Overview - OWASP Developer Guide
OWASP Foundation Developer Guide project
devguide.owasp.org
November 9, 2025 at 1:08 PM
Application Security / #AppSec / #appsecurity is a key area in modern #CyberSecurity.
Particularly with so many non-tech folk now building Web apps using #AI.
If you're building apps I highly recommend reading the books by Tanya Janca @shehackspurple.bsky.social
They have helped me a lot!
November 8, 2025 at 4:51 PM
Ep 165: Tanya
Tanya Janca is a globally recognized AppSec expert and founder of We Hack Purple. In this episode, she shares wild stories from the front lines of cybersecurity. She shares stories of when she was a penetration tester to an incident responder.
darknetdiaries.com/episode/165
November 4, 2025 at 3:13 PM
Looking to unwind and play with cute puppies?
Stop by the puppy lounge at the OWASP Global AppSec US 2025 in Washington, DC! 🐶🐾
November 6, 2025 at 4:17 PM
400,000 WordPress Sites Affected by Account Takeover Vulnerability in Post SMTP WordPress Plugin #appsec
400,000 WordPress Sites Affected by Account Takeover Vulnerability in Post SMTP WordPress Plugin
Eyal Estrin
https://www.wordfence.com/blog/2025/11/400000-wordpress-sites-affected-by-account-takeover-vulnerability-in-post-smtp-wordpress-plugin/
groups.google.com
November 6, 2025 at 7:56 PM
🐝 It’s official: OWASP’s 2025 Top 10 now includes Software Supply Chain Failures.
Half of survey respondents ranked it their top concern, a long overdue recognition in a year marked by high-impact supply chain attacks.
→ socket.dev/blog/owasp-2... #owasp #appsec #cybersecurity
OWASP 2025 Top 10 Adds Software Supply Chain Failures, Ranke...
OWASP’s 2025 Top 10 introduces Software Supply Chain Failures as a new category, reflecting rising concern over dependency and build system risks.
socket.dev
November 9, 2025 at 5:57 PM
Join Wallarm at the Boston API Security Summit 2025!
On November 13, top cybersecurity experts will gather at Topgolf Boston – Canton to share insights on API security challenges, vulnerabilities, and emerging defenses.
Learn more: www.wallarm.com/boston-api-s...
#CyberSecurity #Wallarm #AppSec
November 4, 2025 at 2:53 PM
🚨 Tomorrow’s the Big Day! 🚨
The OWASP Global AppSec US 2025 Conference kicks off in Washington, D.C.!
REGISTER NOW: owasp.glueup.com/eve...
#OWASP #AppSecUS2025 #CyberSecurity #ApplicationSecurity #GlobalAppSec #OWASPCommunity
November 2, 2025 at 4:10 PM
We shipped Nuclei Templates v10.3.0 & v10.3.1 during #Hacktoberfest: 243 new templates and 178 CVEs including 44 KEVs (CISA). Community FTW! 💪
Recap + how to scan: projectdiscovery.io/blog/hacktob...
#Nuclei #AppSec #KEV #CVE
Hacktober 2025 - Nuclei Templates — ProjectDiscovery Blog
Summary of Releases v10.3.0 & v10.3.1
This month, we had two major releases of Nuclei Templates, introducing numerous improvements and new templates for Nuclei users.
🚀 Hacktober Stats
Release
...
projectdiscovery.io
October 31, 2025 at 7:20 PM
Is there an #AppSec or #DevSecOps trend right now that you think is overhyped? Which one and whyyyyyy? Tell me your feels #talkappsectome
October 30, 2025 at 11:41 PM
We just released OWASP Faction 1.7 with lots of new features and bug fixes to help automate manual penetration testing and make reporting even easier.
we-are-faction.medium.com/owasp-factio...
#pentesting #cybersecurity #applicationsecurity #redteam #hacking #appsec #owasp
OWASP Faction 1.7 — Major Updates for Enterprise Security Teams
For Enterprise Penetration Testing teams and Security Consulting Firms managing dozens — or hundreds — of assessments simultaneously…
we-are-faction.medium.com
October 27, 2025 at 3:58 AM
⚡️JUST DROPPED: The State of AI in Security & Development
We asked 450 CISOs, AppSec engineers and developers across Europe and the US how AI is changing the way we build and secure software.
October 22, 2025 at 1:01 PM
The latest update for #Mendit includes "Mend.io Expands #AI Native #AppSec to Windsurf, CoPilot, Claude Code, and Amazon Q Developer" and "Building Strong Container Security for Modern Applications".
#CyberSecurity #DevOps #OpenSource #Compliance https://opsmtrs.com/3zEYo7d
Mend
Mend identifies every open source component in your software, including dependencies. It then secures you from vulnerabilities and enforces license policies throughout the software development lifecycle.
opsmtrs.com
October 22, 2025 at 3:54 AM
It's #LastWeekInAppSec time! Access control bypasses in #Python's #Authlib (#OAuth and #OpenID) and Java's #SpringFramework (#CSRF protection failure).
See buff.ly/ZUloV61 for deeper analysis, mitigation steps, etc.
#AppSec #VulnManagement #CyberSecurity #SupplyChainSecurity
Last Week in AppSec for 21. October 2025 - Checkmarx
Access control bypasses in Python's Authlib (OAuth and OpenID) and Java's Spring Framework (CSRF protection failure), last week in AppSec
buff.ly
October 21, 2025 at 9:08 PM
Exciting news for all trainers and speakers! 🌟
Don't miss out on these opportunities:
🔍 Call for Trainers - #OWASP Global #AppSec EU 2026: sessionize.com/owasp...
🎤 Call for Presentations - Virtual 25th Anniversary Conference: sessionize.com/owasp...
Click the link to learn more! #devsecops
OWASP Global AppSec EU (Vienna) 2026 - CFT : Call for Sessions
OWASP Global AppSec Training Days are known for their top notch trainers and in-depth course material. The OWASP Foundation would like to invite you ...
sessionize.com
October 20, 2025 at 7:21 PM
It’s official, Semgrep Managed Scans has entered GA! 🎉
We’re already seeing 1M+ scans per week, and in our new post, we show you how to estimate your infra cost savings with SMS.
🚀 Learn more about why customers love SMS: semgrep.dev/blog/2025/en...
#AppSec #InfoSec #Cybersecurity #AI
October 14, 2025 at 5:00 PM
AppSec is not just protecting your product/business, it's about protecting everyone!
These packages do nothing malicious to developers/products they infect. Instead, they are targeting web visitors of the infected apps, with the ultimate goal of mass credential harvesting.
October 10, 2025 at 12:34 PM
Yes. Yes, you've seen correctly. There's going to be an Open Security Conference 2026! 😍
🗓 Save the dates: November 5-8, 2026. ✅
opensecurityconference.org
#osco #osco26 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]
Home
Welcome to the Open Security Conference (osco), the people-centred international gathering for everyone interested in cybersecurity. Join us 2-5 October 2025 in Rückersbach, Germany.
opensecurityconference.org
October 5, 2025 at 11:55 AM
The audience shared retros, non-violent communication helps - yet any tools fail without building safe interpersonal relationships. Just culture focuses on system and actions not people.
———
📜 History repeating itself - Bianca Kastl
#osco #osco25 #CyberSecurity #Security #InfoSec #AppSec [lisi]
October 3, 2025 at 3:38 PM
Google's Aristotle research showed psychological safety is the key factor. Strong team culture correlated with each member's perception of the consequences of taking interpersonal risks.
———
📜 History repeating itself - Bianca Kastl
#osco #osco25 #CyberSecurity #Security #InfoSec #AppSec [lisi]
October 3, 2025 at 3:20 PM
Let's come back to the German electronic health record. Well. We'd have hoped we'd learned from past mistakes. And yet: the authentication flow was again bypassed in April 2025.
———
📜 History repeating itself - Bianca Kastl
#osco #osco25 #CyberSecurity #Security #InfoSec #AppSec [lisi]
October 3, 2025 at 3:12 PM
Security champions for the win! Previous programs failed, so we did our research. Identified key learnings!
———
🏗 Building an AppSec Program from Scratch - Mireia Cano
#osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity [lisi]
October 2, 2025 at 6:40 PM
Centralized information from all tools into one. Gained visibility on company posture. But still no idea what's happening in teams.
———
🏗 Building an AppSec Program from Scratch - Mireia Cano
#osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity [lisi]
October 2, 2025 at 6:36 PM
Goodbye Bandit, Hello Python Code Audit
nocomplexity.com/stop-using-b...
Stop Relying on Bandit->There’s a Better Way!
#pythonprogramming #infosec #owasp #python #cybersecurty #appsec #auditnow #PyTorch #ai #openai #ml #Grok #fsf #gpl #RiseAndFall
October 1, 2025 at 5:58 PM
Alert De-Duplication
How and why we will be reporting fewer “duplicate” alerts in ZAP.
www.zaproxy.org
September 30, 2025 at 1:17 PM