home.social

#threatmodeling — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #threatmodeling, aggregated by home.social.

  1. Did you read "No Security Meter for AI" (ref: berryvilleiml.com/docs/no-secu...) If you did, you know that AI should not handle the threat modelling for your software without you double-checking the output. #security #appsec #threatmodeling #ai #machinelearning #ml #games

    berryvilleiml.com/docs/no-secu.....

  2. Did you read "No Security Meter for AI" (ref: berryvilleiml.com/docs/no-secu...) If you did, you know that AI should not handle the threat modelling for your software without you double-checking the output. #security #appsec #threatmodeling #ai #machinelearning #ml

    berryvilleiml.com/docs/no-securi...

  3. So I am not allowed to use the word *****, then make sure people have iron balls tied to one of their feet. Unfortunately, it's all too easy to trick an #LLM into doing something it shouldn't do. Which means we really need to think outside the box to #secure them. #appsec #threatmodeling #games

  4. OWASP Cornucopia just released v3.1.0 github.com/OWASP/cornuc... A Special thanks to Prakhar Porwal for implementing the CRE api for the Companion edition (ref: cornucopia.owasp.org/api/docs ). Thank you so much for all your help! #games #cornucopia #owasp #appsec #security #threatmodeling

    Release Release v3.1.0 · OWASP...

  5. Do you feel like Pablo Escobar waiting for developers to learn threat modeling? The waiting time is over!! #appsec #owasp #llm #agentic #ai #security #cloud #devops #frontend #webdev #threatmodeling #agile #games

  6. Do you feel like Pablo Escobar waiting for developers to learn threat modeling? The waiting time is over!! #appsec #owasp #llm #agentic #ai #security #cloud #devops #frontend #webdev #threatmodeling #agile #games

  7. Do you feel like Pablo Escobar waiting for developers to learn threat modeling? The waiting time is over!! #appsec #owasp #llm #agentic #ai #security #cloud #devops #frontend #webdev #threatmodeling #agile #games

  8. Do you feel like Pablo Escobar waiting for developers to learn threat modeling? The waiting time is over!! #appsec #owasp #llm #agentic #ai #security #cloud #devops #frontend #webdev #threatmodeling #agile #games

  9. Do you feel like Pablo Escobar waiting for developers to learn threat modeling? The waiting time is over!! #appsec #owasp #llm #agentic #ai #security #cloud #devops #frontend #webdev #threatmodeling #agile #games

  10. The OWASP Foundation is celebrating 25 incredible years of open source security. That’s why OWASP Cornucopia is launching its 25th anniversary edition. Read all about it here:  dev.to/owasp/introd... #AppSec #security #threatmodeling #games #agile #lean #llm #agentic #devops #cloud #fromtend

    Introducing a OWASP Game for t...

  11. The OWASP Foundation is celebrating 25 incredible years of open source security. That’s why OWASP Cornucopia is launching its 25th anniversary edition. Read all about it here:  dev.to/owasp/introd... #AppSec #security #threatmodeling #games #agile #lean #llm #agentic #devops #cloud #fromtend

    Introducing a OWASP Game for t...

  12. Yes! It’s time to party!! It was an honor to participate at the OWASP Virtual Conference commemorating the 25th anniversary. Here is the video: youtu.be/KmjUM0EF_24?... #OWASP25thAnniversary #OWASP #AppSec #security #threatmodeling #games #agile #lean #llm #agentic #devops #cloud #fromtend

    OWASP Cornucopia - Stop Lectur...

  13. Are you responsible for all the battles? Then stop and let the monsters rampage a bit. Remember, you can always swoop down and take out the final boss before the credits roll at the end of the movie. #appsec #owasp #llm #agentic #ai #security #cloud #devops #threatmodeling #agile #games

  14. Are you responsible for all the battles? Then stop and let the monsters rampage a bit. Remember, you can always swoop down and take out the final boss before the credits roll at the end of the movie. #appsec #owasp #llm #agentic #ai #security #cloud #devops #threatmodeling #agile #games

  15. Are you responsible for all the battles? Then stop and let the monsters rampage a bit. Remember, you can always swoop down and take out the final boss before the credits roll at the end of the movie. #appsec #owasp #llm #agentic #ai #security #cloud #devops #threatmodeling #agile #games

  16. Are you responsible for all the battles? Then stop and let the monsters rampage a bit. Remember, you can always swoop down and take out the final boss before the credits roll at the end of the movie. #appsec #owasp #llm #agentic #ai #security #cloud #devops #threatmodeling #agile #games

  17. Are you responsible for all the battles? Then stop and let the monsters rampage a bit. Remember, you can always swoop down and take out the final boss before the credits roll at the end of the movie. #appsec #owasp #llm #agentic #ai #security #cloud #devops #threatmodeling #agile #games

  18. Do you feel like yelling at the world for not doing threat modeling? No need to yell, the tools are free! Copi - The OWASP® Cornucopia Game Engine - (copi.owasp.org) Is free to use and perfect for distributed teams. #appsec #owasp #llm #agentic #ai #cloud #devops #threatmodeling #agile #games

  19. Do you feel like yelling at the world for not doing threat modeling? No need to yell, the tools are free! Copi - The OWASP® Cornucopia Game Engine - (copi.owasp.org) Is free to use and perfect for distributed teams. #appsec #owasp #llm #agentic #ai #cloud #devops #threatmodeling #agile #games

  20. Do you feel like yelling at the world for not doing threat modeling? No need to yell, the tools are free! Copi - The OWASP® Cornucopia Game Engine - (copi.owasp.org) Is free to use and perfect for distributed teams. #appsec #owasp #llm #agentic #ai #cloud #devops #threatmodeling #agile #games

  21. Do you feel like yelling at the world for not doing threat modeling? No need to yell, the tools are free! Copi - The OWASP® Cornucopia Game Engine - (copi.owasp.org) Is free to use and perfect for distributed teams. #appsec #owasp #llm #agentic #ai #cloud #devops #threatmodeling #agile #games

  22. Yes! It’s time to party! The OWASP Foundation is celebrating 25 incredible years of open source security. That’s why OWASP Cornucopia is launching its 25th anniversary edition. #appsec #security #owasp #cornucopia #llm #agentic_ai #devops #cloud #frontend #threatmodeling

  23. Yes! It’s time to party! The OWASP Foundation is celebrating 25 incredible years of open source security. That’s why OWASP Cornucopia is launching its 25th anniversary edition. #appsec #security #owasp #cornucopia #llm #agentic_ai #devops #cloud #frontend #threatmodeling

  24. Yes! It’s time to party! The OWASP Foundation is celebrating 25 incredible years of open source security. That’s why OWASP Cornucopia is launching its 25th anniversary edition. #appsec #security #owasp #cornucopia #llm #agentic_ai #devops #cloud #frontend #threatmodeling

  25. Yes! It’s time to party! The OWASP Foundation is celebrating 25 incredible years of open source security. That’s why OWASP Cornucopia is launching its 25th anniversary edition. #appsec #security #owasp #cornucopia #llm #agentic_ai #devops #cloud #frontend #threatmodeling

  26. Yes! It’s time to party! The OWASP Foundation is celebrating 25 incredible years of open source security. That’s why OWASP Cornucopia is launching its 25th anniversary edition. #appsec #security #owasp #cornucopia #llm #agentic_ai #devops #cloud #frontend #threatmodeling

  27. Thank you @seism0saurus for printing the data flow charts and @Gronner for taking care of the second table during my kind of impromptu threat model sessions.

    You can find information about the card games here: owasp.org/www-project-cornucop and here shostack.org/games/elevation-o

    It was fun giving a very short introduction to the methodology and the card games.

    @glacier

    #swec #swec26 #threatModeling

  28. Thank you @seism0saurus for printing the data flow charts and @Gronner for taking care of the second table during my kind of impromptu threat model sessions.

    You can find information about the card games here: owasp.org/www-project-cornucop and here shostack.org/games/elevation-o

    It was fun giving a very short introduction to the methodology and the card games.

    @glacier

    #swec #swec26 #threatModeling

  29. Thank you @seism0saurus for printing the data flow charts and @Gronner for taking care of the second table during my kind of impromptu threat model sessions.

    You can find information about the card games here: owasp.org/www-project-cornucop and here shostack.org/games/elevation-o

    It was fun giving a very short introduction to the methodology and the card games.

    @glacier

    #swec #swec26 #threatModeling

  30. Thank you @seism0saurus for printing the data flow charts and @Gronner for taking care of the second table during my kind of impromptu threat model sessions.

    You can find information about the card games here: owasp.org/www-project-cornucop and here shostack.org/games/elevation-o

    It was fun giving a very short introduction to the methodology and the card games.

    @glacier

    #swec #swec26 #threatModeling

  31. Thank you @seism0saurus for printing the data flow charts and @Gronner for taking care of the second table during my kind of impromptu threat model sessions.

    You can find information about the card games here: owasp.org/www-project-cornucop and here shostack.org/games/elevation-o

    It was fun giving a very short introduction to the methodology and the card games.

    @glacier

    #swec #swec26 #threatModeling

  32. "Just use Signal" is not a threat model.
    At BSides312, HelpMeRob is covering the security assumptions, risk trade-offs, and blind spots that put orgs at risk even when they're using the "right" tools. 30+ years across federal law enforcement, military cyber defense, and digital forensics.
    The encryption isn't the weak link. The assumptions are.
    May 16th. Chicago.
    🎟️ bsides312.org
    #BSides312 #InfoSec #CyberSecurity #Signal #OpSec #ThreatModeling #Privacy #Chicago

  33. Someone wrote a viral article claiming that Claude installs Spyware on your computer. The technical observation is real, but the threat is not. I took a closer look, and I would argue that the real issue with the Claude extension is somewhere else entirely, and I've seen little discussion on it: Matt Hand at Origin found that the extension actually allows almost *any* software on your machine to control your browser.

    I wrote it up as an example for how threat modeling can be helpful in evaluating sensationalist claims about security issues, including where Anthropic themselves fall into the same trap.

    blog.maass.xyz/what-s-your-thr

    #Anthropic #Claude #ThreatModeling #Spyware

  34. OWASP Ottawa would like to extend its gratitude to Rodrigo Rocha for an insightful presentation on their topic, "Threat Modeling in Practice" at our April 2026 meetup!

    Rodrigo laid out the basics of Threat Modeling to a packed room and explained the importance of performing threat modeling for development teams. Not only that, he walked us through a practical example of the threat modeling process for a mock healthcare web application.

    Thank you once again, Rodrigo! 👏

    If you missed this session, you can catch the recording of this session on our YouTube channel, along with recordings of other sessions from our awesome speakers!

    🎥 : youtube.com/watch?v=TXpb7ooZZRg

    #Cybersecurity #OWASP #Ottawa #ThreatModeling #Community #appsec

  35. Mythos Threat Looms Over Cyber Defenses

    A new force in cyberspace, known as Claude Mythos, threatens to revolutionize the speed at which cyber defenses are compromised, dramatically shortening the window between vulnerability discovery and exploitation. Experts warn that this emerging threat could upend traditional cybersecurity strategies, making it essential for organizations…

    osintsights.com/mythos-threat-

    #VulnerabilityManagement #EmergingThreats #CyberDefenses #ThreatModeling #RiskManagement

  36. @bkastl
    Es gibt ja diese bekannte Analyse bezüglich Kosten für Security zu Zeitpunkt im SDLC.

    Ich bin es ja gewohnt, dass man absurde intellektuelle Kopfstände macht, um Security trotzdem so spät und mit so wenig menschlichem Denken wie möglich zu machen (🤷🏻‍♂️), aber das ist jetzt eine neue Eskalation 🤣

    #threatmodeling