home.social

#threatmodelling — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #threatmodelling, aggregated by home.social.

  1. Could something be skipping through the "customer interaction" points in your application?

    BOT3 from the OWASP Cornucopia Companion illustrates how automation at scale can be used on gambling sites to make bets fast & furiously, skipping past all the checks and balances, warnings, up-selling and regulatory information.

    Read the whole scenario at cornucopia.owasp.org/edition/c

    Details of new release at cornucopia.owasp.org/news/2026

    @owasp #appsec #devops #devsecops #threatmodelling #eop #owasp #cornucopia

  6. Open source and free. Download print-ready files and play Cornucopia together, browse the cards online, or play games online with remote team members.

    cornucopia.owasp.org

    copi.owasp.org

    If you prefer, printed decks are available to purchase from a vendor as a dual-packaged Website App Edition x Companion Edition combination set:

    cybersecgames.com/pages/owasp-

    @owasp #owasp #cornucopia #eop #stride #threatmodelling #devops #devopsec #appsec #infosec

    2/2

  11. The new Companion Deck for OWASP Cornucopia includes six novel suits to assist threat modelling of Agentic AI, Cloud, DevOps, Frontend, LLM and Automation. The suits can be used alone or in combination with suits from either existing Cornucopia decks: the Website App Edition or Mobile App Edition. My main contribution to this is the Automated Threats (BOT) suit.

    cornucopia.owasp.org/news/2026

    @owasp #owasp #cornucopia #eop #stride #threatmodelling #devops #devopsec #appsec #infosec

    1/2

  16. Great to see the new Companion Edition released by the OWASP Cornucopia project. A year in the making, project leader Johan Sydseter has organised a whole group of volunteers to build out a new deck of playing cards for the application security threat modelling card game.

    The new deck with six new suits also celebrates the 25th anniversary of the Open Worldwide Application Security Project (OWASP).

    cornucopia.owasp.org/news/2026

    @owasp @sydseter #appsec #devops #devsecops #threatmodelling #owasp

  21. The latest version of the OWASP Automated Threat Handbook, which defines a common language to identify and classify automated threats to web applications and provides relevant countermeasures, is available to download as a free PDF or can be purchased in print from Lulu:

    lulu.com/shop/colin-watson-and

    #bots #badbots #automatedthreats #appsec #infosec #informationsecurity #devops #threatmodelling #owasp @owasp

  29. Everyone has different needs and faces different dangers when their personal data gets exposed. To give actionable privacy advice, it's essential to consider each person's unique situation.

    👤 Learn more on how to evaluate each person's threat model.

    🧰 Check our Privacy Activist Toolbox tip to Consider Everyone's Unique Situation: privacyguides.org/en/activism/

    #PrivacyGuides #Activism #PrivacyActivistToolbox #Privacy #ThreatModelling

  34. A couple of interesting links on SD-WAN security:

    * mplify.net/wp-content/uploads/ - securing application flows in SD-WAN solutions (vendor neutral)
    * arxiv.org/pdf/1811.04583 - focusses on orchestration, management and control (iterates through all the various vendors)

    #threatmodelling

  39. In tomorrow's OWASP 25th Anniversary Virtual Conference, two talks include mention of the OWASP Cornucopia card game.

    In "Stop Lecturing, Start Playing" at 11:00 CET Johan Sydseter will discuss how you can utilize games to scale your application security program. And in "Connecting the dots" at 14:00 Max Alejandro Gómez Sánchez Vergaray will share his experiences of creating an AppSec programme.

    #appsec #threatmodelling #software #applicationsecurity #owasp @sydseter

    owasp.glueup.com/event/owasp-2

  44. Application security specialist @sydseter mentioned to me this comprehensive web page by @adamshostack listing information security and privacy table-top games, including the card games OWASP Cornucopia @owasp and Digital Benefits and Disbenefits Cornucopia @DBD_Cornucopia

    Game on!

    #infosec #appsec #privacy #threatmodelling #ssdlc #gamification #games

    Shostack + Associates > Tabletop Security Games + Cards
    shostack.org/games
