Andrew Hoffman (@and1hof)'s Twitter Profile
Andrew Hoffman

@and1hof

Software Engineer & Security Researcher. Author of Web Application Security: Exploitation and Countermeasures (O'Reilly, 2020).

ID: 3708585913

Website: https://andrewhoffman.me | Joined: 27-09-2015 23:14:00

39 Tweets

164 Followers

45 Following

Andrew Hoffman (@and1hof)

Yes, you too can design an app that is difficult to hack as long as your architects evaluate security cost-benefit trade-offs alongside functionality requests. It’s much harder to secure an app after it’s been built. #cybersecurity

@ddǝɐuɐp (@danaepp)

I’m giving away the perfect API Hacker’s library to one of my readers - hAPI_hacker’s “Hacking APIs”, Dafydd Stuttard’s “The Web Application Hacker’s Handbook”, and Andrew Hoffman’s “Web Application Security”. Learn how to enter at danaepp.com/5-books-every-…

Andrew Hoffman (@and1hof)

I am releasing a comprehensive video on #ZeroTrust architecture in 1 hour on my YouTube channel (and1hof). Head on over to YT and check it out #CybersecurityAwarenessMonth

Andrew Hoffman (@and1hof)

Don’t forget to vote in the upcoming midterm elections. As a US citizen, these elections are your best voice into changing outdated laws, introducing new ones and of course preserving and improving our democracy! #Midterms2022

Alexandre Couëdelo (@alexcouedelo)

Great explainer about Zero Trust Architecture by Andrew Hoffman. He made me realize that I had missed some elements in my research on the topic. #CyberSecurity #InfoSec #InformationSecurity youtube.com/watch?v=rsp9sS…

Stakeholder Consultant (@echetus)

If you use Wikipedia, you've seen pop-ups like this. If you're like me, you may have donated as a result. Wikipedia is an amazing website, and the appeals seem heartfelt. But I've now learnt the money isn't going where I thought...

Andrew Hoffman (@and1hof)

For cryptocurrency to succeed in the long run, it needs to deliver value by replacing or creating new financial tools. Coins solely used for price speculation and trading aren't worth considering as part of your long term strategy.

Andrew Hoffman (@and1hof)

The goal of a threat model should be four-fold: a) identify threats, b) identify mitigations, c) identify the delta between "a" and "b", and finally d) document knowledge. #CybersecurityAwarenessMonth

Andrew Hoffman (@and1hof)

Regression testing is essential for a good long-term security posture. Fix the vulnerability once, write a test, and then block merge if a developer ever reopens the bug. #CybersecurityAwarenessMonth2022
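As an added illustration of the "fix once, write a test, block merge" workflow (example code, not from the tweet's author): a hypothetical upload-path helper that was fixed for path traversal, a table of pinned regression cases tagged with placeholder bug ids, and a `reopened_bugs()` check that a CI job can run to refuse the merge when any pinned case fails. The `naive_resolve` function stands in for the pre-fix behaviour so the check can be seen catching a regression; the bug ids, paths and root directory are all constructed for this example.

```python
"""Security regression suite for a hypothetical fixed function.
Bug ids (SEC-000x), UPLOAD_ROOT and all sample inputs are constructed for this
example; the pattern is what matters: pin every fixed bug as a test case and
fail the build if a case ever stops passing."""
from __future__ import annotations

import posixpath
from typing import Callable

UPLOAD_ROOT = "/srv/uploads"  # constructed root directory for the example


def naive_resolve(user_path: str, root: str = UPLOAD_ROOT) -> str | None:
    """Pre-fix behaviour (hypothetical): joins and normalises but never checks
    that the result is still inside `root`.  Kept only to demonstrate that the
    regression suite catches a reintroduction of the bug."""
    return posixpath.normpath(posixpath.join(root, user_path))


def resolve_upload(user_path: str, root: str = UPLOAD_ROOT) -> str | None:
    """Fixed version: map a user-supplied relative path under `root` and
    return None for anything that would escape it or is otherwise malformed."""
    # SEC-0002: an absolute user path makes posixpath.join discard `root`.
    # SEC-0003: embedded NUL bytes truncate the name at the OS layer.
    if user_path.startswith("/") or "\x00" in user_path:
        return None
    full = posixpath.normpath(posixpath.join(root, user_path))
    # SEC-0001: after normalising '..' segments the path must still be under root.
    if full != root and not full.startswith(root + "/"):
        return None
    return full


# (bug id, input, expected result).  Rejections expect None; "baseline" rows
# guard against the fix becoming so strict that legitimate input breaks.
REGRESSION_CASES: list[tuple[str, str, str | None]] = [
    ("SEC-0001", "../../config/app.ini", None),
    ("SEC-0001", "photos/../../../config/app.ini", None),
    ("SEC-0002", "/config/app.ini", None),
    ("SEC-0003", "report.pdf\x00.png", None),
    ("baseline", "photos/cat.png", "/srv/uploads/photos/cat.png"),
    ("baseline", "./photos/./cat.png", "/srv/uploads/photos/cat.png"),
]


def reopened_bugs(resolve: Callable[[str], str | None] = resolve_upload) -> list[str]:
    """Run every pinned case against `resolve`; return one description per
    failing case.  A non-empty list is the signal to block the merge."""
    failures = []
    for bug_id, user_input, expected in REGRESSION_CASES:
        actual = resolve(user_input)
        if actual != expected:
            failures.append(f"{bug_id}: {user_input!r} -> {actual!r}, expected {expected!r}")
    return failures


if __name__ == "__main__":
    problems = reopened_bugs()
    print("merge allowed" if not problems else "BLOCK MERGE:\n" + "\n".join(problems))
    # Demonstrate the suite catching the old behaviour being reintroduced.
    print(f"{len(reopened_bugs(naive_resolve))} case(s) fail against naive_resolve")
```

Wiring `reopened_bugs()` into the merge gate is the point: the case list is append-only, each row carries the id of the bug it pins, and a developer who reintroduces the original behaviour gets a failing build naming that bug rather than a new incident months later.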

Andrew Hoffman (@and1hof)

In any other industry suggesting “hash and salt” to a co-worker means you want to get brunch at the local diner. #CybersecurityAwarenessMonth

Andrew Hoffman (@and1hof)

If a library has 200 separate functions and 1 of those functions is vulnerable, it should not be an incident unless your code is invoking the vulnerable function. #security

Andrew Hoffman (@and1hof)

One often forgotten element of good security posture is data privacy. If companies would encrypt PII more often, then even in the case of a data breach the blast radius would be limited and the most valuable data would be un-useable by a hacker.

Andrew Hoffman (@and1hof)

Piggybacking on the previous data privacy tweet: remember not to roll your own crypto. NIST has good breakdowns of what crypto algorithms are secure in 2022 and beyond.

Andrew Hoffman (@and1hof)

Do note, "crypto" has referred to cryptographic algorithms for far longer than it has referred to cryptocurrency. #security

Andrew Hoffman (@and1hof)

SCA tells you if a library is vulnerable, but does not tell you if you are making use of the library in a vulnerable way. Next-gen SCA will all support "reachability" combining SCA & SAST to close this gap. #infosec
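The "200 functions, 1 vulnerable" tweet above and this one describe the same gap: an SCA match on a package name says nothing about whether the project's code ever reaches the vulnerable function. The following is an added example (not the author's code, and not any SCA vendor's implementation) of the simplest form of that reachability check for Python projects: a static pass over the project's own source that resolves the usual import forms (`import m`, `import m as x`, `from m import f`, `from m import f as g`) and reports only the call sites that invoke the function named in the advisory. The library `vulnlib`, its function `parse_template`, and the two sample files are constructed for the example.

```python
"""Minimal reachability check: does the project's own code invoke the one
function an advisory names, or does it merely import the library?
The advisory data, the library `vulnlib` and the sample files are all
constructed for this example."""
from __future__ import annotations

import ast
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    module: str    # library name as imported, e.g. "vulnlib" (constructed)
    function: str  # vulnerable function inside that library (constructed)


class CallFinder(ast.NodeVisitor):
    """Collect line numbers of calls to advisory.function, following aliases
    so `import vulnlib as v` or `from vulnlib import f as g` are not missed."""

    def __init__(self, advisory: Advisory) -> None:
        self.adv = advisory
        self.module_aliases: set[str] = set()  # names bound to the module object
        self.func_aliases: set[str] = set()    # names bound to the function itself
        self.hits: list[int] = []

    def visit_Import(self, node: ast.Import) -> None:
        for alias in node.names:               # import vulnlib [as v]
            if alias.name == self.adv.module:
                self.module_aliases.add(alias.asname or alias.name)
        self.generic_visit(node)

    def visit_ImportFrom(self, node: ast.ImportFrom) -> None:
        if node.module == self.adv.module:     # from vulnlib import f [as g]
            for alias in node.names:
                if alias.name == self.adv.function:
                    self.func_aliases.add(alias.asname or alias.name)
        self.generic_visit(node)

    def visit_Call(self, node: ast.Call) -> None:
        target = node.func
        if isinstance(target, ast.Name) and target.id in self.func_aliases:
            self.hits.append(node.lineno)      # g(...) where g aliases the function
        elif (isinstance(target, ast.Attribute)
              and target.attr == self.adv.function
              and isinstance(target.value, ast.Name)
              and target.value.id in self.module_aliases):
            self.hits.append(node.lineno)      # v.parse_template(...)
        self.generic_visit(node)               # keep descending into arguments


def vulnerable_calls(source: str, advisory: Advisory) -> list[int]:
    """Line numbers in `source` that call the advisory's function."""
    finder = CallFinder(advisory)
    finder.visit(ast.parse(source))
    return sorted(finder.hits)


def reachable_files(sources: dict[str, str], advisory: Advisory) -> dict[str, list[int]]:
    """Map file path -> reaching call lines.  A file that only imports the
    library (or calls a different function) is omitted: the 'not an incident'
    case from the tweet, at least for direct calls from first-party code."""
    return {path: lines for path, src in sources.items()
            if (lines := vulnerable_calls(src, advisory))}


# Constructed sample project: two files import the same hypothetical library,
# but only render.py calls the function named in the advisory.
SAMPLE_SOURCES = {
    "app/render.py": (
        "import vulnlib as v\n"                        # line 1
        "from vulnlib import parse_template as pt\n"   # line 2
        "\n"                                           # line 3
        "def render(tpl, ctx):\n"                      # line 4
        "    head = v.parse_template('<head/>')\n"     # line 5: reaches the sink
        "    return pt(tpl).format(**ctx)\n"           # line 6: aliased call
    ),
    "app/util.py": (
        "import vulnlib\n"
        "\n"
        "def safe(x):\n"
        "    return vulnlib.escape(x)\n"               # same library, safe function
    ),
}

ADVISORY = Advisory(module="vulnlib", function="parse_template")

if __name__ == "__main__":
    for path, lines in reachable_files(SAMPLE_SOURCES, ADVISORY).items():
        print(f"{path}: {ADVISORY.function} reachable at lines {lines}")
```

This catches direct first-party calls only; it does not follow calls made through the library's other functions, dynamic `getattr` lookups, or transitive dependencies, which is why the tweet frames production-grade reachability as a fusion of SCA with a real SAST call-graph rather than a single AST pass like this one.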

Andrew Hoffman (@and1hof)

I just released an important blog post regarding a new and upcoming SCA feature that all next-gen platforms will have. #infosec #cybersecurity linkedin.com/pulse/reachabi…

Andrew Hoffman (@and1hof)

This morning I released a deep-dive and technical breakdown of a sophisticated XSS vulnerability that was exploited against 80+ govs last year. It uses an unusual & uncommon XSS sink. youtube.com/watch?v=yL3Mad… #appsec #infosec #CyberSecurity