#devsec — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #devsec, aggregated by home.social.
-
AI's changing how we build apps, but are they safe? 😬 Developers, are you skipping security steps? This short dives into why expert oversight is key to avoiding vulnerabilities like hard-coded passwords. New video – check it out! #AIsecurity #SoftwareSecurity #DevSec
-
LiteLLM supply chain attack: 97M monthly downloads, one malicious update, every secret stolen. The library helps AI apps connect to different models, so when hackers poisoned it, the damage spread to countless dependent projects. This is why we isolate our Python environments. #AISupplyChain #CyberSecurity #PythonSecurity #DevSec #AITools
-
NEW: Developers, crypto users, and job seekers beware - North Korea’s Lazarus Group is deploying a new #BeaverTail variant to steal credentials and crypto via fake job offers, dev tools and smart contracts.
Read: https://hackread.com/lazarus-embed-beavertail-variant-developer-tools/
-
Due to a missing check on the file type, it was possible in Form Block to upload any kind of file by giving the server false information about the file type. This problem is fixed in Form Block 1.5.6; an update is recommended.
[…]
https://epiph.yt/blog/2025/beliebiger-datei-upload-in-form-block-1-5-6-behoben/
-
Due to a missing file type check, it was possible to upload files of any type in Form Block, just by telling the server that it is a different type. This has been fixed in Form Block 1.5.6, updating is highly recommended.
[…]
https://epiph.yt/en/blog/2025/fixing-arbitrary-file-upload-in-form-block-1-5-6/
-
I created a small secure-development lab specific to a language and vulnerability that kept coming up here with the devs; it has a full step-by-step, for anyone who wants it. #js #appsec #devsec #learn https://github.com/fguisso/backoffice-balm
-
🚨 Mark your calendars! 🚨
Join us for the OWASP Global AppSec US Conference in Washington, D.C., November 3–7, 2025 at the Marriott Marquis!
We're thrilled to announce our keynote speaker: Adam Shostack
Ready to level up your skills, grow your network, and ignite your passion for security?
🎟️ Register now and be part of the future of cybersecurity! https://owasp.glueup.com/event/131624/register/
#OWASP #AppSec #Cybersecurity #ThreatModeling #GlobalAppSecUS #SecureCoding #DevSecOps #DevSec #WashingtonDC #Hacking
-
Join Liran Tal at OWASP Global AppSec EU 2025 in Barcelona for an eye-opening session on the real security implications of TypeScript!
🛡️ Friend or Foe? TypeScript Security Fallacies
📅 Thursday, May 29, 2025
⏰ 2:15 PM – 3:00 PM CEST
🔗 Register: https://owasp.glueup.com/event/123983/register/
With live demos and actionable insights, this talk is a must for anyone building with TypeScript.
#OWASP #AppSecEU2025 #TypeScriptSecurity #SecureCoding #DevSecOps #AppSec #DevSec #Barcelona
-
Join Dag Flachet at OWASP Global AppSec EU 2025 in Barcelona for a powerful session on building better AppSec programs—one small step at a time.
🔄 Kaizen for Your AppSec Program: Turning Big Problems into Small Steps
📅 Thursday, May 29, 2025
⏰ 3:30 PM – 4:15 PM CEST
🔗 Register: https://owasp.glueup.com/event/123983/register/
Perfect for AppSec managers and anyone looking to build sustainable, human-centered security practices.
#OWASP #AppSecEU2025 #DevSec #AppSec #SecureDevelopment #Barcelona
-
At 2 pm our talk "Effective Infrastructure Testing: Lessons Learned from the Field" is taking place at #CfgMgmtCamp B.Con Main: https://cfp.cfgmgmtcamp.org/ghent2025/talk/CJA9ER/
There is also an online stream available: https://www.youtube.com/watch?v=ly8ORuvsqek
-
The Three Pillars of Shift-Left API Security – Source: securityboulevard.com https://ciso2ciso.com/the-three-pillars-of-shift-left-api-security-source-securityboulevard-com/ #SecurityBoulevard(Original) #rssfeedpostgeneratorecho #CyberSecurityNews #SecurityBoulevard #SocialFacebook #SocialLinkedIn #Cybersecurity #APIsecurity #shiftleft #SocialX #DevSec #api
-
ICYMI: Swetugg call for papers closes in a week
The conference for developers by developers!
-
Today and tomorrow I am attending the heise #devSec conference in Cologne. Topics today are for example "how to make your software secure by design", "how to write secure software" and more.
#heisedevsec
-
While I'm on my way to #INFORMATIK24, my friend and colleague @theseer gets to listen to the "annoying Cassandra of the security industry" at the Heise #devsec. #fomo
-
2024 OWASP AppSec Days Singapore - Oct 1 Training
Our training courses are designed to equip private and public sector infosec professionals, developers, defenders, and advocates to build a more secure web.
The training courses on day one will be led by Abraham Aranguren, Paul McCarty, and John Dileo.
Register to attend these training courses and more now by visiting our website ➡️ https://owaspappsecdayssingapore2.rsvpify.com/?securityToken=NxxB8ikF85MpaSmrzi8bXPS2500nadDT
-
🚨Developers and Security Pros: Join us for OWASP Developer Day in San Francisco on Sep 25!
Featuring a conference talk by Munawar Hafiz among our full day of developer-focused events.
See the full schedule and register using the link below!
https://www.eventbrite.com/e/owasp-developer-day-2024-tickets-944477707247?aff=oddtdtcreator
-
🚨 REGISTER NOW to attend Global AppSec San Francisco 2024 Conference and Training!
Join Harold Blankenship and Mat Tesauro for their 2-day training titled, "OWASP in Action - ASPM with OWASP Projects".
This two-day course streamlines application security posture management using OWASP open source projects optimized for DevSecOps workflows.
Follow this link to register now!
-
Global AppSec San Francisco 2024 Conference and Training is happening NEXT MONTH
Join Jim Manico for an intensive 2-day training session delving into core and advanced application security topics.
This course will cover essential areas such as input validation, HTTP security, SOP and CORS, SQL injections, CSRF, secure file handling, and third-party library management.
REGISTER👇
-
Calling all Developers and Security Pros! Join us for OWASP Developer Day in San Francisco on Sep 25!
Developers: Share your insights and experiences with security.
Security Experts: Hear directly from developers about what's effective and what needs improvement.
Don't miss this chance to bridge the gap and enhance app security together!
REGISTER NOW!
https://www.eventbrite.com/e/owasp-developer-day-2024-tickets-944477707247?aff=oddtdtcreator
-
Have you registered for the Global AppSec San Francisco 2024 Conference and Training Sessions?
Join Fabio Cerullo for a beginner-friendly training session, "Web Application Security Essentials".
Learn more and register by following the link below 👇
-
Data sanitization in preview environments: A critical practice for modern DevOps
💡 Key points:
- Protects sensitive data while maintaining realistic testing
- Techniques: anonymization, pseudonymization, masking, scrambling
- Implement via CI/CD pipeline for efficiency
💪 Benefits: enhanced security, compliance, reduced breach risk
🎯 Developers: This approach ensures you work with representative data without compromising security.
Read more: https://brnw.ch/21wL7vf
-
🔒 Unlocking DevSecOps secrets: Logging isn't just a record, it's your digital guardian! Learn why every developer needs to embrace logging for tighter security.
https://www.withstandsecurity.com/blog-insights/2024-03-19-dev-sec-logging
-
Anyone at the @heiseonline @heisec Heise #devsec next week?
Yet another talk about #kubernetes and #kubernetessecurity
#devsecops
https://www.heise-devsec.de/veranstaltung-20729-0-sicherheit-in-kubernetes-skalieren.html
-
Hey all you #AppSec types out there, I'll be presenting at #Optiv #SourceZeroCon tomorrow at 11 AM Eastern. It's online and free. My talk is titled "Developers Gone Wild!" and is about some of the stranger things I've seen in #security testing applications. Details at the link: https://go.optiv.com/2023SourceZeroCon.html #DevSec #ApplicationTesting #SZC2023 #SourceZeroCon2023
-
I've had submissions accepted at several conferences and workshops this year! 🥳
At the German OWASP Day on 31 May I'll be reporting on Responsible Disclosure at Scale: https://god.owasp.de/2023/schedule/
At #GPN21 I'll talk about how you can take over an API with mathematics (and how good software architecture would prevent that). I'll talk about a vulnerability that is based on the incorrect use of cryptography and that still puts me in a good mood every time I think of it. https://entropia.de/GPN21
And because the overlap in the audience probably won't be that large, I'll give the talk again in September at the Heise #DevSec. https://www.heise-devsec.de/veranstaltung-20797-0-wie-man-mit-mathematik-eine-bank-uebernehmen-kann-und-warum-defensive-architekturen-eine-gute-idee-sind.html
I'm looking forward to maybe seeing you there in person :).