home.social

#threatmodelling — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #threatmodelling, aggregated by home.social.

  1. Could something be skipping through the "customer interaction" points in your application?

    BOT3 from the OWASP Cornucopia Companion illustrates how automation at scale can be used on gambling sites to make bets fast & furiously, skipping past all the checks and balances, warnings, up-selling and regulatory information.

    Read the whole scenario at cornucopia.owasp.org/edition/c

    Details of new release at cornucopia.owasp.org/news/2026

    @owasp #appsec #devops #devsecops #threatmodelling #eop #owasp #cornucopia

  6. Open source and free. Download print-ready files and play Cornucopia together, browse the cards online, or play games online with remote team members.

    cornucopia.owasp.org

    copi.owasp.org

    If you prefer, printed decks are available to purchase from a vendor as a dual-packaged Website App Edition x Companion Edition combination set:

    cybersecgames.com/pages/owasp-

    @owasp #owasp #cornucopia #eop #stride #threatmodelling #devops #devopsec #appsec #infosec

    2/2

  11. The new Companion Deck for OWASP Cornucopia includes six novel suits to assist threat modelling of Agentic AI, Cloud, DevOps, Frontend, LLM and Automation. The suits can be used alone or in combination with suits from either existing Cornucopia decks: the Website App Edition or Mobile App Edition. My main contribution to this is the Automated Threats (BOT) suit.

    cornucopia.owasp.org/news/2026

    @owasp #owasp #cornucopia #eop #stride #threatmodelling #devops #devopsec #appsec #infosec

    1/2

  16. Great to see the new Companion Edition released by the OWASP Cornucopia project. A year in the making, project leader Johan Sydseter has organised a whole group of volunteers to build out a new deck of playing cards for the application security threat modelling card game.

    The new deck with six new suits also celebrates the 25th anniversary of the Open Worldwide Application Security Project (OWASP).

    cornucopia.owasp.org/news/2026

    @owasp @sydseter #appsec #devops #devsecops #threatmodelling #owasp

  21. In tomorrow's OWASP 25th Anniversary Virtual Conference, two talks include mention of the OWASP Cornucopia card game.

    In "Stop Lecturing, Start Playing" at 11:00 CET Johan Sydseter will discuss how you can utilize games to scale your application security program. And in "Connecting the dots" at 14:00 Max Alejandro Gómez Sánchez Vergaray will share his experiences of creating an AppSec programme.

    #appsec #threatmodelling #software #applicationsecurity #owasp @sydseter

    owasp.glueup.com/event/owasp-2

  26. Application security specialist @sydseter mentioned to me this comprehensive web page by @adamshostack listing information security and privacy table-top games, including the card games OWASP Cornucopia @owasp and Digital Benefits and Disbenefits Cornucopia @DBD_Cornucopia

    Game on!

    #infosec #appsec #privacy #threatmodelling #ssdlc #gamification #games

    Shostack + Associates > Tabletop Security Games + Cards
    shostack.org/games

  27. On Architectural Literacy

    I’ve been reflecting on how technical grounding influences architectural judgement — especially in distributed, cloud-native systems.

    islandinthenet.com/on-architec

  29. Through the upcoming #PapersInSystems discussion I discovered Nancy G. Leveson and her work on #SafetyEngineering and software safety through a systemic perspective

    It is fascinating and feels very applicable to #cybersecurity

    In their approach STAMP (System-Theoretic Accident Model and Processes) safety is treated as a dynamic control problem rather than a failure prevention problem and especially takes emergent properties into account. (Emergent properties are properties that are not in the summation of the individual components but "emerge" when the components interact.)

    There are a lot of touchpoints with security #ThreatModelling

    Therefore cc @adamshostack
    Maybe the event is interesting for you?

    Discussion session: How to Perform Hazard Analysis on a "System-of-Systems" by Nancy Leveson
    Monday, May 6th, 2024, 1 PM - 2 PM Eastern Time (US/Canada).

    See @RuthMalan post mastodon.social/@RuthMalan/112