1

2

Looking for a new training/certification. People who did OSWA (Web-200 by OffSec), how was it? (www.offsec.com)

submitted 1 week ago by [email protected] to c/[email protected]

0 comments fedilink

2

5

Cerbos Hub out of beta (infosec.pub)

submitted 1 month ago by [email protected] to c/[email protected]

0 comments fedilink

If you're interested in a way to implement Zero Trust principles like least-privilege access or make your access policies more granular without creating code bloat this is something to check out.

Cerbos Hub externalizes application permissions (RBAC/ABAC) and makes it easier to write and maintain fine-grained access policies without falling into a slow doom spiral of spaghetti code.

You write your policies in a central repo, and deploy as many containerized policy decision points as you need alongside the relevant services in your application. Policy checks are an API call. No single point of failure or lag issues.

You can maintain and monitor distributed policy decision points from one place. Make changes in Hub once and the changes are deployed everywhere. It supports PDPs deployed in serverless environments, at the edge or on device. There's a collaborative policy playground to write and test your policies. It has a central audit log of all the policy decisions that take place across your application.

3

Threat Modeling program milestones: A journey to scale (www.youtube.com)

submitted 1 month ago by [email protected] to c/[email protected]

0 comments fedilink

4

1

Recommended AppSec conferences in Europe? (infosec.pub)

submitted 6 months ago by [email protected] to c/[email protected]

0 comments fedilink

cross-posted from: https://infosec.pub/post/8123190

Hello everyone,

I work in appsec, my manager would like to send us to a conference this year. We are based in Europe, and the company would like to across intercontinental travel.

I have OWASP Global 2024 in Lisbon on my radar, as well as the BlackHat EU in London, is there any other conference you guys would recommend?

5

1

[tl;dr sec] #215 - Cloud Threat Landscape, Web LLM Security Labs, Azure Logs Primer (tldrsec.com)

submitted 6 months ago by [email protected] to c/[email protected]

0 comments fedilink

6

1

Signing Requests using RSA Keys (www.zaproxy.org)

submitted 6 months ago by [email protected] to c/[email protected]

0 comments fedilink

7

1

Stir Trek 2024: Call for Speakers (sessionize.com)

submitted 6 months ago by [email protected] to c/[email protected]

0 comments fedilink

8

1

We Must Consider Software Developers a Key Part of the Cybersecurity Workforce (www.cisa.gov)

submitted 6 months ago by [email protected] to c/[email protected]

0 comments fedilink

9

1

OWASP Foundation - 2024 Global AppSec Lisbon Call for Trainers (owasp.submittable.com)

submitted 7 months ago by [email protected] to c/[email protected]

0 comments fedilink

10

1

[tl;dr sec] #213 - AWS Secure Defaults, Damn Vulnerable LLM Agent, cdk-goat (tldrsec.com)

submitted 7 months ago by [email protected] to c/[email protected]

0 comments fedilink

11

1

Reasonable 🔐AppSec #33 - Signing Off '23 with a Bang: Five Security Articles, AppSec New Year's Resolutions, and Podcast Corner (appsec.beehiiv.com)

submitted 7 months ago by [email protected] to c/[email protected]

0 comments fedilink

12

1

Trustwave Transfers ModSecurity Custodianship to OWASP | OWASP Foundation (owasp.org)

submitted 7 months ago by [email protected] to c/[email protected]

0 comments fedilink

13

1

npm search RCE? - Escape Sequence Injection (blog.solidsnail.com)

submitted 8 months ago by [email protected] to c/[email protected]

0 comments fedilink

14

1

It’s not a Feature, It’s a Vulnerability (blog.solidsnail.com)

submitted 8 months ago by [email protected] to c/[email protected]

0 comments fedilink

cross-posted from: https://infosec.pub/post/5707149

I talk about a report I've made to MSRC in the beginning of the year regarding vscode.

It's a bit different. There's no in depth technical stuff, because I basically just reported the feature, not a bug.

15

1

GitHub Copilot, Amazon Code Whisperer emit people's API keys (www.theregister.com)

submitted 11 months ago by [email protected] to c/[email protected]

0 comments fedilink

16

1

Community review - OWASP Mobile Application Security risk assessment formula (mas.owasp.org)

submitted 11 months ago by [email protected] to c/[email protected]

0 comments fedilink

17

1

From Terminal Output to Arbitrary Remote Code Execution (blog.solidsnail.com)

submitted 11 months ago by [email protected] to c/[email protected]

0 comments fedilink

This is my first write-up, on a vulnerability I discovered in iTerm2 (RCE). Would love to hear opinions on this. I tried to make the writing engaging.

18

1

New OWASP Cheet Sheet on Mobile Securty (cheatsheetseries.owasp.org)

submitted 11 months ago by [email protected] to c/[email protected]

0 comments fedilink

Mobile Application Security Cheat Sheet

Mobile application development presents certain security challenges that are unique compared to web applications and other forms of software. This cheat sheet provides guidance on security considerations for mobile app development. It is not a comprehensive guide by any means, but rather a starting point for developers to consider security in their mobile app development.