#Appsec

maschmiinw
2025-12-20

Just finished "Alice and Bob learn Secure Coding" by @SheHacksPurple. I loved the language and framework agnostic parts. That said, the language specific part was also interesting.

I'm quite sure this book, and her book about Application Security, will help me a lot next year when arguing about how and why to secure a project that is entering its maintenance phase and cannot ask a security team.

1/2

2025-12-19

Genuine question for the #infosec community:

What's the biggest time sink in your year-end security review?

For me it was always the compliance evidence gathering. Exporting from 6 different tools, mapping to controls manually, reformatting for auditors.

Building a platform that auto-generates audit-ready reports across SOC2, PCI-DSS, ISO27001, HIPAA, and GDPR.

Curious what pain points others are hitting this time of year.

#appsec #compliance #devsecops

OWASP Foundation owasp@infosec.exchange
2025-12-19

🎉 Big news! Early Bird tickets for OWASP Global AppSec Vienna 2026 are here!
25 years of OWASP ✨ Stunning Vienna 🇦🇹 World-class training 🧠 & a conference like no other 🔥
Why wait? Register now for early bird pricing: owasp.glueup.com/event/162243/
#appsec #owasp #cybersecurity #securebydesign

OWASP Karlsruhe owasp_ka@chaos.social
2025-12-19

Off to HH, this year at #39c3: events.ccc.de/congress/2025/hu

We spontaneously organized an assembly at the CCH, so come by and chat with us about this and that.

Attendees of other @owasp_de Stammtisch meetups are welcome too. #appsec #owasp

2025-12-18

Become a vendor at New England's leading application security conference. Since its start in 2012, OWASP BASC has consistently welcomed at least 150 attendees.

Sponsoring this event offers a remarkable chance to engage with top experts in application security and to expand your visibility within the OWASP Community in New England and beyond. For more information, please check out our sponsorship kit at www.basconf.org

#appsec #owasp #basc2026 #basc #applicationsecurity

OWASP Foundation owasp@infosec.exchange
2025-12-18

New for Global AppSec Vienna! CFPods are OPEN 🎉
PODs = 2–3 hr, hands-on, small-group sessions running alongside the conference. Less listening, more doing 💪
Got an interactive idea? Submit now 👉 sessionize.com/owasp-global-ap

⏰ Closes Feb 16, 2026
#appsec #owasp #cybersecurity

Carolina Code Conference carolinacodes
2025-12-18

FYI: AppSec Tool: Speed, Accuracy, and False Positives!: What makes a good dev-centric AppSec tool? Speed is critical; aim for under 5 minutes. False positives erode trust, while false negatives are a problem too. Runtime security tools can offer rapid feedback. youtube.com/shorts/oEIM1ckVpzE

What’s trending in cybersecurity today? Find out with the latest YouTube playlist we’ve curated. 👀 youtube.com/playlist?list=PLXq
#Malware #Phishing #IncidentResponse #CyberAwareness #AppSec

2025-12-17

AI-generated code is reshaping the software supply chain - but governance gaps remain.
Only 24% of orgs fully assess IP, licensing, security & quality risks. SBOM validation strongly correlates with faster remediation.

Details:
technadu.com/the-imperative-of

#AppSec #SBOM #SupplyChainSecurity

The Imperative of Software Supply Chain Security: AI-Generated Code Risks, Secure SDLC Practices, and SBOM Validation
OWASP Foundation owasp@infosec.exchange
2025-12-17

Thinking about attending the OWASP London Training Days?
londonowasptrainingdays2025.sc

Watch this free video to get a taste of @dawidczagan’s training: Full-Stack Pentesting Laboratory: 100% Hands-On + Lifetime LAB Access

HTTP Parameter Pollution - Video Tutorial youtube.com/watch?v=09ZJPcw_smE
#appsec #owasp

What’s trending in cybersecurity today? Find out with the latest YouTube playlist we’ve curated. 👀 youtube.com/playlist?list=PLXq
#Malware #Phishing #IncidentResponse #CyberAwareness #AppSec

2025-12-16

🛡️ Networking Challenge for Security Engineers: 100+ questions on IP addressing, subnetting, CIDR and network segmentation. Foundational knowledge for interviews at GitLab, Stripe,... ⭐ Star the repo on GitHub to get updates on new exercises!
#mạng_máy_tính #Bảo_mật_thông_tin #phỏng_vấn #AppSec #Kỹ_sư_Bảo_mật #mở_nguồn

dev.to/fosres/computer-network

OWASP Foundation owasp@infosec.exchange
2025-12-16

🎉 Early Bird tickets are here for OWASP Global AppSec Vienna 2026!
Join us in Vienna to celebrate 25 years of OWASP with training (Jun 22–24) & conference (Jun 25–26). Expect: World-class Keynotes | 🛠️ Demos | 📱 MobileAppSecCon & more!
Register now 👉 owasp.glueup.com/event/162243/
#appsec #owasp

OWASP Foundation owasp@infosec.exchange
2025-12-16

🔥 Trainer Spotlight: @MarisaFagan & @JulianeReimann! 🔥
Join their 1-Day Security Champions Program 🔐 Turn engineers into security heroes with hands-on exercises & strategies that make a real impact.
Register 👉 londonowasptrainingdays2025.sc

#appsec #securitychampions #owasp #training

2025-12-15

Happy Holidays everyone!☃️We’re taking a break next week for our annual shutdown to celebrate another successful year and give our team time to recharge. 🙌
#doyensec #appsec #security

Snowy scene showing hills and pine trees. Announcement that we're closed from 12/22-12/26.
OWASP Foundation owasp@infosec.exchange
2025-12-15

🎤 Ready to shine on the OWASP stage? Join our free event, “So You Want to Be an OWASP Speaker,” inspired by Who Wants to Be a Millionaire?
Learn to craft standout CfPs, deliver great talks, and boost your confidence, no lifelines needed!
Join us: owasp.glueup.com/event/so-you-

#appsec #cybersecurity

ZAP 2.17.0 is now available!
It includes performance improvements, a significant reduction in “duplicate” alerts reported, and new Insights which give you key information about scans.
zaproxy.org/blog/2025-12-15-za
#zaproxy #appsec
