Exciting news! 🌟 Be part of the action at #OWASP Global #AppSec USA in Washington, DC this November. ✨ Showcase your expertise and apply to speak at this fantastic event. Seize the opportunity to shine - submit your proposals here: https://sessionize.com/owasp-global-appsec-USA-2025-cfp2/ 🎤 #infosec #AI #devsecops
#devsecops
.NET versioning drama? Linux symlink sagas? 🤯 These can lead to scanner FPs/FNs! We explore how Syft & Grype tackle these complexities for more accurate results. Lessons from the trenches: https://anchore.com/blog/false-positives-and-false-negatives-in-vulnerability-scanning/
#SBOM #DevSecOps
Many organizations say they integrate security into CI/CD. But gaps remain:
⚠️ No policy enforcement
⚠️ #SBOM ignored
⚠️ Vulnerabilities slip through
We're breaking down how product security leaders can scale #DevSecOps maturity. Take a look 👉 https://finitestate.io/blog/devsecops-ci-cd-maturity-guide
"Works on my machine" isn't API design. Muaath Bin Ali explains how #Java APIs can fail in production — & how 11 simple #BestPractices can make them secure, scalable & future-proof!
Read #JAVAPRO: https://javapro.io/2025/06/04/best-practices-for-api-design-in-java/
Tried integrating ROS2 on Oracle Linux with SELinux—no go.
Switched to AppArmor on Ubuntu—easier, yes. Effective? Not quite.
colcon and AppArmor don’t play well together. Turns out, AppArmor’s simplicity can limit it in complex dev environments.
Here’s my story, what didn’t work, and where I’m heading next:
🔗 https://richard-sebos.github.io/sebostechnology/posts/AppArmor-ROS2/
Boosts appreciated if you think secure ROS2 needs better tooling. 🧵
#Linux #FOSS #ROS2 #AppArmor #SELinux #DevSecOps #Security #Robotics
Critical weaknesses in open-source ecosystems exposed by 6-year npm package evasion. Can AI agents be trusted with end-to-end development? #AI #DevSecOps #OpenSource #Cybersecurity
“It won't happen to me.” That's what #Tesla, #Atlassian & #Fortnite thought. Jonathan Vila walks you through the top hidden flaws still lurking in production code & how to shut the doors before it's too late.
Get smart: https://javapro.io/2025/04/29/top-security-flaws-injections/
Malicious RubyGems posing as Fastlane plugins were caught hijacking Telegram API data. If you use Fastlane with Telegram integration, check for suspicious packages and rotate your bot tokens now. Stay vigilant! #cybersecurity #devsecops https://redteamnews.com/red-team/malicious-rubygems-impersonate-fastlane-to-hijack-telegram-api-data/
🎯 Preparing for the Certified Kubernetes Security Specialist (CKS) exam?
🔐 Master Kubernetes security and boost your cloud native skills!
I’ve written a detailed blog covering:
✅ What’s in the CKS exam
✅ Key domains & tips
✅ How to prepare effectively
📖 Read it here: https://bit.ly/4knIgLR
#CKS #Kubernetes #DevSecOps #CloudNative #LinuxFoundation #CKSExam #KubernetesSecurity #OpenSource
Verizon's #DBIR2025 is sounding the alarm on software supply chains.
Over on the blog, Larry's breaking down how Finite State arms you against the threats in the DBIR. Take a look 👉 https://finitestate.io/blog/dbir-2025-supply-chain-chaos
#CyberSecurity #SupplyChainSecurity #SBOM #IoTSecurity #DevSecOps
#MCP is everywhere , here is a #PostgreSQL one
https://github.com/crystaldba/postgres-mcp
I wonder what kind of stories we will hear, I find MCP very useful but at the same time having LLM around tooling can be dangerous,
my suggestion is "input sanitization" and Keep It Simple meaning do not give more then necessary functionality to MCP, stay safe
OWASP Global AppSec US 2025 is happening Nov 3–7 in Washington, D.C.!
Join 800+ cybersecurity pros for hands-on training, expert-led sessions across 6 tracks, and plenty of networking.
🎤 Keynote speaker Adam Shostack, a leader in threat modeling and secure-by-design strategies. You won't want to miss him!
🎟️ Register Here: https://owasp.glueup.com/event/131624/register/
#OWASP #GlobalAppSecUS #Cybersecurity #ThreatModeling #DevSecOps #Hacking #AppSec2025 #WashingtonDC
We also discuss Dustin’s new venture, Katilyst (https://twp.ai/9PSKjV), a new startup focused on empowering engineering teams to take ownership of security in a practical, scalable way.
#RSAC2025 #SecurityChampions #Katilyst #AppSec #DevSecOps
2/2
Remember those pesky cross-ecosystem FPs? 😅 Or when symlinks made us scratch our heads? We're spilling the tea on how the team tackled false positives (and the move to GHSA that helped BIG time!). Dive in: https://anchore.com/blog/false-positives-and-false-negatives-in-vulnerability-scanning/
#OpenSource #DevSecOps
Shifting left on security isn't just a buzzword, it's essential. ➡️ Integrating security testing throughout the #SDLC with #DevSecOps practices helps catch vulnerabilities early, saving time & resources.
AI Coding Assistants Can be Both a Friend & a Foe
New research shows that GitLab's AI assistant, Duo, can be tricked into writing malicious code and even leaking private source data through hidden instructions embedded in developer content like merge requests and bug reports.
How? Through a classic prompt injection exploit that inserts secret commands into code that Duo reads. This results in Duo unknowingly outputting clickable malicious links or exposing confidential information.
While GitLab has taken steps to mitigate this, the takeaway is clear: AI assistants are now part of your attack surface. If you’re using tools like Duo, assume all inputs are untrusted, and rigorously review every output.
Read the details: https://arstechnica.com/security/2025/05/researchers-cause-gitlab-ai-developer-assistant-to-turn-safe-code-malicious/
#AIsecurity #GitLab #AI #PromptInjection #Cybersecurity #DevSecOps #CISO #Infosec #IT #AIAttackSurface #SoftwareSecurity #CISO
Join 800+ AppSec professionals, developers, and decision-makers in Washington, DC this November.
Sponsorship & exhibitor spots are open now—our Silver Package and Lanyard Sponsorship are already sold out!
✅ Boost brand visibility
✅ Connect with industry leaders
✅ Be part of the trusted OWASP community
👉 Register & Learn more: https://owasp.glueup.com/event/131624/register/
#OWASP #AppSecUSA2025 #Cybersecurity #Sponsorship #Exhibit #InfoSec #DevSecOps #WashingtonDC
Tired of vulnerability scanners crying wolf 🐺 or missing the mark? Our latest blog dives into the world of false positives & negatives, sharing real lessons from the trenches and how scanning is getting smarter. Read on: https://anchore.com/blog/false-positives-and-false-negatives-in-vulnerability-scanning/
#DevSecOps #VulnerabilityScanning
Безопасная сборка Docker-образов в CI: пошаговая инструкция
Привет, Хабр! Я Саша Лысенко, ведущий эксперт по безопасной разработке в К2 Кибербезопасность . Сейчас появилась куча инструментов для автоматизации рутинных задачи и все активно идут в эту сторону для оптимизации ресурсов и быстрых результатов. Так в DevOps внедрение CI/CD пайплайнов ускоряет разработку, деплой приложений, сокращает time to market. Автоматизация — незаменимый сегодня процесс, который при этом открывает отличные лазейки и для киберугроз. Далеко не все задумываются, кому и какие доступы раздают и к каким последствиям это может привести. Поэтому без учета кибербезопасности здесь появляются дополнительные риски инцидентов. В этой статье я поэтапно разобрал пример сборки Docker-образов в GitLab CI пайплайнах с учетом баланса между безопасностью автоматизированной разработки и скоростью процесса.
https://habr.com/ru/companies/k2tech/articles/914014/
#кибербезопасность #информационная_безопасность #devops #devsecops #разработка_приложений #деплой #docker_образы #gitlab_ci #безопасная_разработка #безопасная_разработка_приложений
We're at @owasp Global AppSec EU 2025 as a Golden Sponsor! 🎉
Stop by Booth G-02 to see how Xygeni helps you #FixFast and #ShipSecure with our new AI AutoFix. Grab some awesome merch & let's talk #AppSec!
#OWASP #AppSecEU2025 #Cybersecurity #DevSecOps #AI #InfoSec
Client Info
Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst