#threat-modeling — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #threat-modeling, aggregated by home.social.
-
Yes! It’s time to party!! It was an honor to participate at the OWASP Virtual Conference commemorating the 25th anniversary. Here is the video: youtu.be/KmjUM0EF_24?... #OWASP25thAnniversary #OWASP #AppSec #security #threatmodeling #games #agile #lean #llm #agentic #devops #cloud #fromtend
OWASP Cornucopia - Stop Lectur... -
Yes! It’s time to party! The OWASP Foundation is celebrating 25 incredible years of open source security. That’s why OWASP Cornucopia is launching its 25th anniversary edition. #appsec #security #owasp #cornucopia #llm #agentic_ai #devops #cloud #frontend #threatmodeling
-
Thank you @seism0saurus for printing the data flow charts and @Gronner for taking care of the second table during my kind of impromptu threat model sessions.
You can find information about the card games here: https://owasp.org/www-project-cornucopia/ and here https://shostack.org/games/elevation-of-privilege
It was fun giving a very short introduction to the methodology and the card games.
-
"Just use Signal" is not a threat model.
At BSides312, HelpMeRob is covering the security assumptions, risk trade-offs, and blind spots that put orgs at risk even when they're using the "right" tools. 30+ years across federal law enforcement, military cyber defense, and digital forensics.
The encryption isn't the weak link. The assumptions are.
May 16th. Chicago.
🎟️ https://bsides312.org
#BSides312 #InfoSec #CyberSecurity #Signal #OpSec #ThreatModeling #Privacy #Chicago -
TechBash 2026 Keynotes and Workshops Announced Yesterday
#devconference #developers #kalahari #nepa #poconos #dotnet #aspnetcore #ai #threatmodeling #communication #kubernetes #cloud #career
-
Check out this year's keynotes and workshops! Register by June 19th for early bird discounts and ask us about sponsorship opportunities.
#devconference #developers #nepa #poconos #kalahariresort #learning #ai #kubernetes #dotnet #aspnetcore #threatmodeling #communication #dotnetmaui #blazor #javascript
-
Someone wrote a viral article claiming that Claude installs Spyware on your computer. The technical observation is real, but the threat is not. I took a closer look, and I would argue that the real issue with the Claude extension is somewhere else entirely, and I've seen little discussion on it: Matt Hand at Origin found that the extension actually allows almost *any* software on your machine to control your browser.
I wrote it up as an example for how threat modeling can be helpful in evaluating sensationalist claims about security issues, including where Anthropic themselves fall into the same trap.
-
OWASP Ottawa would like to extend its gratitude to Rodrigo Rocha for an insightful presentation on their topic, "Threat Modeling in Practice" at our April 2026 meetup!
Rodrigo laid out the basics of Threat Modeling to a packed room and explained the importance of performing threat modeling for development teams. Not only that, he walked us through a practical example of the threat modeling process for a mock healthcare web application.
Thank you once again, Rodrigo! 👏
If you missed this session, you can catch the recording of this session on our YouTube channel, along with recordings of other sessions from our awesome speakers!
🎥 : https://www.youtube.com/watch?v=TXpb7ooZZRg
#Cybersecurity #OWASP #Ottawa #ThreatModeling #Community #appsec
-
@bkastl
Es gibt ja diese bekannte Analyse bezüglich Kosten für Security zu Zeitpunkt im SDLC.Ich bin es ja gewohnt, dass man absurde intellektuelle Kopfstände macht, um Security trotzdem so spät und mit so wenig menschlichem Denken wie möglich zu machen (🤷🏻♂️), aber das ist jetzt eine neue Eskalation 🤣
-
🚨 OWASP Ottawa April 2026 Meetup - Featuring Rodrigo Rocha! 🚨
OWASP Ottawa is excited to announce our April 2026 meetup featuring Rodrigo Rocha present their talk “Threat Modeling in Practice: From Diagram to Defense". The details are as follows:
📍 Location: 150 Louis-Pasteur Private, University of Ottawa, Room 580
📅 Date: April 15, 2026
⏰ Time: 6:00 PM EST - Arrival, networking, & pizza! 🍕
6:30 PM EST - Technical TalkThreat Modeling is often seen as heavy, theoretical, or compliance-driven, which leads to it being skipped. This session will focus on Rodrigo introducing a practical, lightweight approach to Threat Modeling that fits directly into agile workflows.
Using a real-world healthcare portal example, Rodrigo will walk us through the process from drawing a simple data flow diagram to identifying critical assets, mapping real attack scenarios (via MITRE CAPEC), linking root causes (CWE), and translating them into testable security requirements using OWASP ASVS.
Whether you’re a student, early-career professional, or seasoned practitioner looking to learn more about Threat Modeling, come aboard and learn from experts!
We look forward to seeing you there in-person! If you cannot attend the event, you can watch the livestream on our YouTube channel.
🎥 : https://www.youtube.com/@OWASP_Ottawa
Our Github Chapter page: https://github.com/OWASP-Ottawa/chapter-guide/blob/main/Nextevent/tab_nextevent.md
#OWASP #Ottawa #Cybersecurity #ThreatModeling #InfoSec #AppSec #TechCommunity
-
Great news OWASP! The Global #AppSec USA Call for Presentations has officially opened! Submit your talk and join us in San Francisco!
-
Last chance to RSVP for our March Meetup!
Big thank you to our hosts Microsoft for and Pentera for sponsoring food and beverages.
In this edition we have 1 long form talk.
Josh Corman will be presenting on the various cyber threats to water infrastructure. He will walk through potential scenarios and do a table top exercise.
RSVP at https://buff.ly/G72uBEA
#cybersecurity #infrastructuresecurity #security #threatmodeling
-
Hot take from a guy who spent two decades at investigating cyber crimes:
The term "hacker" tells you almost nothing useful.
What matters, what actually predicts behavior, tactics, and targets,
is WHY they're doing it.The intelligence community has used M.I.C.E for 70 years to understand spies. That model is shifted to a new ear of online threats.
Money. Ideology. Curiosity . Ego.
I wrote a book applying it to cybersecurity. Not because it's theoretical.
Because in the field, understanding motivation is how you get ahead of attacks.
A money-motivated attacker runs a different kill chain than an ego-driven one.
Treat them the same and your defenses will always be one step behind.
Happy to talk through any of it here. The infosec community on Bluesky
has been one of the best conversations I've had about this stuff.Book: 'How MICE Threaten Cyber Security' on Amazon.
https://a.co/d/0awR4gNr -
Grab a spot at the March Meetup!
Big thank you to our hosts Microsoft for and Pentera for sponsoring food and beverages.
In this edition we have 1 long form talk.
Josh Corman will be presenting on the various cyber threats to water infrastructure. He will walk through potential scenarios and do a table top exercise.
RSVP at https://buff.ly/G72uBEA
#cybersecurity #infrastructuresecurity #security #threatmodeling
-
RSVP for our March Meetup!
Big thank you to our hosts Microsoft for and Pentera for sponsoring food and beverages.
In this edition we have 1 long form talk.
Josh Corman will be presenting on the various cyber threats to water infrastructure. He will walk through potential scenarios and do a table top exercise.
RSVP at https://buff.ly/G72uBEA
#cybersecurity #infrastructuresecurity #security #threatmodeling
-
In this month's meetup we have switched things a bit. We will have 1 long form talk with plenty of chances to discuss.
Josh Corman will be presenting on the various cyber threats to water infrastructure. He will walk through potential scenarios and do a table top exercise.
Big thank you to our hosts Microsoft for and Pentera for sponsoring food and beverages.
RSVP fast as we are already filling up at https://buff.ly/G72uBEA
#cyberthreat #infrastructuresecurity #security #threatmodeling