Those issues in csurf were publicly known for at least 5 years 😢 Here's the excellent presentation by David Johansson that discusses that back in 2017 youtube.com/watch?v=2uvrGQ… owasp.org/www-pdf-archiv…

Spot on analysis of CVE-2022-42889 in Apache Commons Text by Johannes Ullrich in todays SANS.edu Internet Storm Center - “it’s not really a vulnerability, it’s really just a stupid feature” 😂

propublica.org/article/fbi-ra… 😂 dolphin is “Someone who is highly intelligent and can’t communicate with humans,”, “ When we would travel, we would bring our dolphins with us. And when the other party started squeaking, we would have our dolphins squeak right back at them.”

We will have #OWASP meeting in Krakow Dec 1st. Save date, register and please share! meetup.com/owasp-poland/e…

Great news! (not) 🙃 Mateusz Krzeszowiec from Veracode demonstrates how your child could bypass Google family link parental controls (including safesearch) using the browser built into Microsoft Skype Support (Microsoft Security closed as N/A but now it might be fixed????)

Should Software Companies Be Held Liable for Security Flaws? The former U.S. National Cyber Director and the vice president of the Information Technology and Innovation Foundation face off wsj.com/articles/shoul…

Registration for DC’s Next Top Threat Model DEF CON is NOW OPEN! threatmodel.us/register/ #DEFCON #DEFCON31 #threatmodeling #threat_modeling #appsec #security #DCNTTM

📣 Norihide Saito | Azara and ei0124 are going to give a presentation at BSidesLV on the behavior of ObjectStorage and Content-Type! #BSidesLV

Attend the main JS conference in the US for free! How? 🎟️Just claim your remote ticket via the following link: gitnation.com/badges/jsnatio…. In the lineup, you'll find amazing speakers like Addy Osmani, Rich Harris, Stoyan Stefanov 🪩, Debbie O'Brien & many more.

When a con booth is a metaphor.

Hahahahah