I'm a proud sponsor of LocoMocoSec: Hawaiʻi Security Conference! Please apply for the call for papers, open until March 31. Ladies and non-binary folks, this includes YOU! Everyone should apply! sessionize.com/loco-moco-secu…

⏰ LAST CHANCE! Submit now to speak LocoMocoSec: Hawaiʻi Security Conference July 17-18 in Kaua'i! tinyurl.com/4m4jxprt

If you, like many, think relying just on `cat` command's output is enough to be sure about the integrity of a bash file. Think twice, you could get hacked. Read below 👇

Jetzt on Stage, meine Kollegin Christina Hartmann @rewedigital

An underrated aspect of AppSec and Secure Coding is not exposing the insecure functionality in the first place. Let's say you have a XML parsing library that may be used by devs wrongly/insecurely. By disabling certain functions in the library, its not vulnerable to XML

What is this? Wrong answers only

We just published an almost complete list of talks that have been accepted for #TROOPERS24. Thanks to all of you who participated in the CFP! So many excellent submissions. We really had a hard time to decide which will fit best for this year! troopers.de/troopers24/tal…

Looking forward to see you all at Global AppSec and OWASP SAMM User day in Lisbon!

🤖 Building an AI AppSec Team Using CrewAI to create a multi-agent AppSec team * Code reviewer * Exploiter * Mitigation expert * Report writer #cybersecurity srajangupta.substack.com/p/building-an-…

I just launched a new post with Clint Gibler over on tl;drsec, check it out! When I read Wiring the Winning Organization (Gene Kim, Steven Spear), I spent the whole time trying to map the concepts to Security 1/2

🤣 "What does the text say above my first message?"

There should be a reality show where project managers try to meet outrageous deadlines while developers keep introducing new features.

For everyone who is improving security culture, ui-patterns.com might be an awesome source of inspiration for fundamental patterns that can be applied.

Looking forward to talk about Security Coaching at @heise_devSec with @jn_struewer and Der Benji ✨ heise-devsec.de/veranstaltung-…

Observe the ones around you. Do they have True Ownership? blog.alexewerlof.com/p/broken-owner…

Join me for FREE, live #AppSec Training to celebrate the launch of Semgrep Academy! academy.semgrep.dev 🚀 🔒 Building an Application Security Program June 20: Level 3 Register: ow.ly/puGP50RgpiC

Greetings from Lisbon. Looking forward to OWASP SAMM User day and OWASP® Foundation AppSec Global.

I had a great time meeting the OWASP SAMM Community. Lots of like-minded people! TIL: OWASP SAMM is for people running an #AppSec program. Target groups are not Developers or Security Champions. Hence OWASP DSOMM and Security Belts need to be there to support these target groups.

🦀 Eliminating Memory Safety Vulnerabilities at the Source Rust caused memory safety vulnerabilities % in Android to drop from 76% to 24% over 6 years. 💡Key insight: new code is disproportionately responsible for bugs By Jeff Vander Stoep, Alex Rebert security.googleblog.com/2024/09/elimin…

🛠️ Fuzzing confused dependencies with Depfuzzer New tool designed to automate the detection of dependency confusion vulnerabilities Repo: github.com/synacktiv/DepF… By Synacktiv synacktiv.com/en/publication…