#APPSEC
Hey! I'm doing a speaking thing in Nashville this weekend at #phreaknic 26. 👻
The talk will be about my misadventures in vibe coding and some techniques you can use to write secure code using vibes. phreaknic.info/schedule/

I hope to see you there!
#appsec #owasp #vibcoding #pentesting
November 10, 2025 at 7:17 PM
I still need at least one more person to be a caller on my call-in-radio style podcast to ask a question about appsec and secure development practices on Friday this week. @shehackspurple.bsky.social will join me to answer caller questions!
November 10, 2025 at 7:04 PM
📢 OWASP Top 10 2025 is here! The new list introduces 'Software Supply Chain Failures' and 'Mishandling of Exceptional Conditions'. Security Misconfiguration jumps to #2, reflecting modern cloud risks. 🔒 #OWASP #AppSec #DevSecOps
OWASP Top 10 for 2025 Released, Spotlighting Supply Chain and Design Flaws
The OWASP Foundation has released its 2025 Top 10 list, introducing new categories for Software Supply Chain Failures and highlighting the growing importance of secure design and configuration.
cyber.netsecops.io
November 10, 2025 at 4:26 PM
Protect apps with layered controls.
Use API Gateway + WAF + rate limiting + TLS + input validation. For web apps, map OWASP Top 10 to concrete controls (WAF rules for SQLi/XSS, CSP headers for XSS, auth for broken auth).
#AppSec #WAF #OWASP
November 10, 2025 at 4:01 PM
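Three of the layers that post lists (TLS enforcement, rate limiting, allowlist input validation) plus the CSP/HSTS response headers, as an added example in plain Python that is not from the original post. The request shape (a dict with scheme, host, path, client and params), the limits and the exact header values are illustrative assumptions; a real deployment gets these from the gateway and framework, and the WAF sits in front as a separate, signature-based layer.

```python
import re
import time
from collections import defaultdict


class TokenBucket:
    """Per-client token bucket: `capacity` requests may burst, then `refill_per_sec`.
    The clock is injectable so the behaviour can be tested without sleeping."""

    def __init__(self, capacity, refill_per_sec, clock=time.monotonic):
        self.capacity = capacity
        self.refill = refill_per_sec
        self.clock = clock
        # key (API key or source IP) -> [tokens, time of last update]
        self.state = defaultdict(lambda: [float(capacity), self.clock()])

    def allow(self, key):
        tokens, last = self.state[key]
        now = self.clock()
        tokens = min(self.capacity, tokens + (now - last) * self.refill)
        if tokens < 1:
            self.state[key] = [tokens, now]
            return False
        self.state[key] = [tokens - 1, now]
        return True


def security_headers(nonce):
    """Response hardening: a nonce-based CSP means a reflected payload cannot run
    inline script, HSTS keeps the browser on TLS, nosniff blocks MIME confusion."""
    return {
        "Content-Security-Policy": (
            f"default-src 'self'; script-src 'self' 'nonce-{nonce}'; "
            "object-src 'none'; base-uri 'none'; frame-ancestors 'none'"
        ),
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
        "X-Content-Type-Options": "nosniff",
    }


# Allowlist validation: reject anything outside the expected shape rather than
# trying to strip "bad" characters out of it.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")


def validate_input(params):
    errors = []
    if not USERNAME_RE.fullmatch(params.get("username", "")):
        errors.append("username: must be 3-32 chars of [A-Za-z0-9_]")
    try:
        page = int(params.get("page", "1"))
        if not 1 <= page <= 10_000:
            errors.append("page: out of range")
    except ValueError:
        errors.append("page: not an integer")
    return errors


def handle(request, bucket, nonce="r4nd0m"):
    """Apply the layers in order; the first one that fails short-circuits the rest."""
    if request.get("scheme") != "https":
        return {"status": 301, "headers": {"Location": "https://" + request["host"] + request["path"]}}
    if not bucket.allow(request["client"]):
        return {"status": 429, "headers": {"Retry-After": "1"}}
    errors = validate_input(request.get("params", {}))
    if errors:
        return {"status": 400, "headers": security_headers(nonce), "body": errors}
    return {"status": 200, "headers": security_headers(nonce), "body": "ok"}


if __name__ == "__main__":
    # Constructed sample request (assumed shape, not a real capture).
    bucket = TokenBucket(capacity=2, refill_per_sec=1.0)
    req = {"scheme": "https", "host": "app.example", "path": "/search",
           "client": "203.0.113.5", "params": {"username": "alice_1", "page": "2"}}
    for _ in range(3):
        print(handle(req, bucket)["status"])  # 200, 200, 429
```

The order matters: the redirect and rate limit run before any request body is parsed, so a flood of malformed input is rejected cheaply, and the CSP goes on the error response too, since error pages are a common place for reflected input to end up.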
Fraudsters are getting smarter. Are your defenses? Join @approov.bsky.social’s George McGregor & Axionym's Maya Fudim on Nov 12 for a webinar on future-proofing your mobile app security. Don’t fight 2025 threats with 2015 tactics. #AppSec #MobileSecurity #ZeroTrust
approov.io/info/future-...
Future-Proofing Your Mobile App | Proactive Fraud Prevention Webinar
Join our webinar on proactive fraud prevention for mobile apps. Learn strategies to enhance security. Register now for potential complimentary access.
approov.io
November 10, 2025 at 10:12 AM
Fresh cyber content every day. Watch the newest playlist and learn how hackers think—and how to defend. 🚀 https://rootshell.online
#Hacking #CyberDefense #AppSec #Ransomware #DarkWeb
251109 rootshell.online
Created on Sun Nov 9 23:00:00 CST 2025 - A news, tutorials and conferences about security published on YouTube - Find the RSS Feed with latest playlists at h...
rootshell.online
November 10, 2025 at 5:02 AM
OWASP Top 10:2025 RC1: Broken Access Control remains #1 (3.73% of apps; SSRF moved into A01). Security Misconfiguration rose to #2 (3.00%). New A03 Software Supply Chain Failures shows high CVE impact but limited detections. #OWASP #AppSec #SupplyChain https://bit.ly/4ouiA2a
November 9, 2025 at 7:30 PM
Python does not implement privilege separation. Once an attacker is able to execute arbitrary Python code, the attacker gets the same privileges that are used to run the program.

So use Python Code Audit, an advanced SAST tool: github.com/nocomplexity...

#owasp #pycon #appsec
November 9, 2025 at 6:54 PM
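Because arbitrary code runs with the full privileges of the process, the practical defence is to find the sinks that turn attacker-controlled data into code before the code ships. The following is an added example of the kind of AST check a Python SAST tool performs; it is not the Python Code Audit project's code, and the sink list and the sample source it scans are constructed for illustration.

```python
import ast

# Callee names that hand data straight to the interpreter or a shell.
DANGEROUS_CALLS = {
    "eval": "arbitrary expression evaluation",
    "exec": "arbitrary code execution",
    "os.system": "shell command execution",
    "os.popen": "shell command execution",
    "pickle.load": "unpickling executes attacker-chosen code",
    "pickle.loads": "unpickling executes attacker-chosen code",
}
SUBPROCESS_CALLS = {"subprocess.run", "subprocess.call", "subprocess.Popen",
                    "subprocess.check_output", "subprocess.check_call"}


def _call_name(node):
    """Resolve 'eval' or 'os.system' style names; None if the callee is dynamic."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    return None


def _has_shell_true(node):
    return any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
               and kw.value.value is True for kw in node.keywords)


def scan(source, filename="<string>"):
    """Return findings (line, call, why) for code-execution sinks in `source`."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name in DANGEROUS_CALLS:
            findings.append({"line": node.lineno, "call": name, "why": DANGEROUS_CALLS[name]})
        elif name in SUBPROCESS_CALLS and _has_shell_true(node):
            findings.append({"line": node.lineno, "call": name,
                             "why": "shell=True builds a shell command line from its arguments"})
    return sorted(findings, key=lambda f: f["line"])


# Constructed sample: a request handler with four sinks and one safe call (line 6).
SAMPLE = '''\
import os, subprocess, pickle
def handler(req):
    expr = req["q"]
    result = eval(expr)
    os.system("ls " + req["dir"])
    subprocess.run(["ls", req["dir"]])
    subprocess.run("ls " + req["dir"], shell=True)
    return pickle.loads(req.body)
'''

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f['line']}: {f['call']} - {f['why']}")
```

The check is deliberately syntactic: it matches the callee as written, so `from os import system as run` or `getattr(os, "system")` evade it, which is exactly the gap a real SAST tool closes with import resolution and data-flow tracking.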
🐝 It’s official: OWASP’s 2025 Top 10 now includes Software Supply Chain Failures.

Half of survey respondents ranked it their top concern, a long overdue recognition in a year marked by high-impact supply chain attacks.

socket.dev/blog/owasp-2... #owasp #appsec #cybersecurity
OWASP 2025 Top 10 Adds Software Supply Chain Failures, Ranke...
OWASP’s 2025 Top 10 introduces Software Supply Chain Failures as a new category, reflecting rising concern over dependency and build system risks.
socket.dev
November 9, 2025 at 5:57 PM
NDSS 2025 – Investigating The Susceptibility Of Teens And Adults To YouTube Giveaway Scams SESSION Session 2C: Phishing & Fraud 1 Authors, Creators & Presenters: Elijah Bouma-Sims (Carneg...

#Network #Security #Security #Bloggers #Network #appsec […]

[Original post on securityboulevard.com]
securityboulevard.com
November 9, 2025 at 7:56 PM
To all you AppSec people that are creating your own secure coding guide. Remember that there is this org called OWASP that might have this already. devguide.owasp.org/en/04-design/

It may not contain what you would like it to contain, but that is why it’s open source. Contributions are welcome!
Overview - OWASP Developer Guide
OWASP Foundation Developer Guide project
devguide.owasp.org
November 9, 2025 at 1:08 PM
🧑‍💻 During the secure code reviews I perform, I quite often find that sensitive information is included in messages intended to be written to event logs or error messages. I added a utility method to my "code-snippets-security-utils" project to help detection.

#appsec #appsecurity
November 9, 2025 at 10:01 AM
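One way to detect that class of finding mechanically, as an added example that is not the author's "code-snippets-security-utils" code: scan each message destined for a log or error response against a small set of sensitive-data patterns, using a Luhn check to keep card-number matches from firing on every long numeric ID. The patterns and the sample log lines are constructed for illustration.

```python
import re

# kind -> pattern; a capture group, where present, isolates the value to redact.
PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "bearer_token": re.compile(r"(?i)bearer\s+([A-Za-z0-9\-._~+/]+=*)"),
    "password_kv": re.compile(r"(?i)\b(?:password|passwd|pwd|secret|api[_-]?key)\s*[=:]\s*(\S+)"),
    "card_number": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
}


def luhn_ok(digits):
    """Luhn checksum; filters 13-19 digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_sensitive(message):
    """Return [(kind, value)] for every sensitive value found in `message`."""
    hits = []
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(message):
            value = m.group(m.lastindex or 0)
            if kind == "card_number" and not luhn_ok(re.sub(r"\D", "", value)):
                continue
            hits.append((kind, value))
    return hits


def redact(message):
    """Replace each detected value, keeping the surrounding key for debuggability."""
    for kind, value in find_sensitive(message):
        message = message.replace(value, f"[REDACTED:{kind}]")
    return message


def scan_log(lines):
    """[(index, [kinds])] for lines that should not have been logged as-is."""
    report = []
    for i, line in enumerate(lines):
        kinds = [k for k, _ in find_sensitive(line)]
        if kinds:
            report.append((i, kinds))
    return report


# Constructed sample log lines (not real captures).
LOG_LINES = [
    "2025-11-09T10:01:00Z INFO login ok user=alice@example.com",
    "2025-11-09T10:01:02Z ERROR payment declined card=4111 1111 1111 1111 order=7781",
    "2025-11-09T10:01:05Z DEBUG upstream call Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.e30.abc",
    "2025-11-09T10:01:07Z WARN retry 3/5 for job 1234567890123",
    "2025-11-09T10:01:09Z ERROR db connect failed password=hunter2 host=db1",
]

if __name__ == "__main__":
    for i, kinds in scan_log(LOG_LINES):
        print(i, kinds, "->", redact(LOG_LINES[i]))
```

Line 4 of the sample (a 13-digit job ID) is the reason for the Luhn step: without it the card rule fires on job numbers, order IDs and timestamps and the reviewer stops trusting the output. The same function can be wired into a logging filter so the redaction happens at the sink rather than at every call site.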
Keep your skills sharp with the latest cyber playlist—stream now and stay informed. ⚔️ https://rootshell.online
#CyberSecurity #AppSec #ThreatIntelligence #Ransomware #OnlineSafety
251108 rootshell.online
Created on Sat Nov 8 23:00:00 CST 2025 - A news, tutorials and conferences about security published on YouTube - Find the RSS Feed with latest playlists at h...
rootshell.online
November 9, 2025 at 5:02 AM
We, as an industry, need to start giving very specific and clear advice, if we want to have better outcomes. No more high level, vague, and ambiguous advice please.
youtu.be/XXtEpRN3ePc?...

#SpecificSecurity #BeSpecific #appsec #cybersecurity
November 8, 2025 at 9:32 PM
Application Security / #AppSec / #appsecurity is a key area in modern #CyberSecurity.
Particularly with so many non-tech folk now building Web apps using #AI.

If you're building apps I highly recommend reading the books by Tanya Janca @shehackspurple.bsky.social
They have helped me a lot!
November 8, 2025 at 4:51 PM
The AppSec Nightmare: How a Single Code Vulnerability Became a Universal Exploit Chain

Introduction: The recent discovery of a critical vulnerability within a widely used application framework has sent shockwaves through the cybersecurity community. This isn't just another bug; it's a demonstration of how a single flaw in a common code dependency can be chained into a full-scale, remote code execution exploit, compromising countless applications simultaneously. Understanding the mechanics of this attack is crucial for developers, security professionals, and system administrators to effectively defend their assets.
undercodetesting.com
November 8, 2025 at 7:29 AM
The latest update for #Tines includes "Zero downtime database migrations: Lessons from moving a live production database" and "How CIOs and CISOs are unlocking AI's full value: 5 real-world takeaways".

#cybersecurity #nocodesecurity #appsec https://opsmtrs.com/3LFedhc
Tines
The world’s best companies – from startups to the Fortune 10 – trust Tines with their mission-critical security workflows.
opsmtrs.com
November 8, 2025 at 6:50 AM
AppSec Tool: Speed, Accuracy, and False Positives! #shorts: What makes a good dev-centric AppSec tool? Speed is critical; aim for under 5 minutes. False positives erode trust, while false negatives are a problem too. Runtime security tools can offer rapid feedback. #AppSec #security #OWASP #Snyk
www.youtube.com
November 8, 2025 at 12:43 AM
OWASP Global AppSec: Risk management may be a pointless waste of time The notion of measuring and managing risk as a core business and cybersecurity practice is fruitless, said cybersecurity expert...

#Malware #News

OWASP Global AppSec: Risk management may be a pointless waste of time
The notion of measuring and managing risk as a core business and cybersecurity practice is fruitless, said cybersecurity expert Adam Shostack. Article Link: https://www.scworld.com/resource/owasp-global-appsec-risk-...
malware.news
November 7, 2025 at 11:27 PM
Want to learn the absolute basics of application security? Check out this helpful YouTube playlist! #appsec
youtube.com
Introduction to Application Security
twp.ai
November 7, 2025 at 10:13 PM
Big thanks to everyone who joined StackHawk, Arnica, Eve Security, Prime Security, & Phoenix Security at our OWASP DC social!

It was great connecting with the AppSec community and talking all things shift-left and secure software.

#AppSec #ShiftLeft #OWASP #DevOps
November 7, 2025 at 7:09 PM
Will iOS 26 Cause You to Fail PCI? 🚨

No current physical devices running 26 can be jailbroken, which removes the visibility teams rely on to verify how mobile apps handle sensitive data at rest and in transit. Read our new blog to learn more ➡️ buff.ly/ZzZ7zTW

#AppSec #PCI #Compliance
iOS 26 Runtime Blindspot: Will Your App Fail PCI Compliance?
The iOS 26 lockdown prevents runtime testing, jeopardizing your PCI compliance. Discover why static checks aren't enough and how to observe app data handling on modern iOS.
buff.ly
November 7, 2025 at 7:00 PM