#threatmodeling

OWASP Germany Chapter

OWASP #Hamburg sports a double #AI Feature for its 15 year anniversary 🎂🎉 on July 16th

* Niklas Bunzel: AI Security & Privacy: From Prompt Injection to Multimodal Evasion (on site)
* Susanna Cox: Threat Modeling AI: Beyond the Hype and Theater to Proactive Security (remote)

Details: https://www.meetup.com/owasp-hamburg-stammtisch/events/308558262/

#AiResearch #threatmodeling

Adam Shostack

Nice list of things to listen for from @kaoudis #threatmodeling but more broad. #tmcon

i know SMBs are a bit more hand-holdy than enterprise customers, but that doesn't really bother me when it comes to #threatmodeling or this #ransomwareRemediation thing i'm talking about lately. i genuinely like learning how people work. i have a somewhat unusual philosophy on #tech which is i don't solve every problem by throwing bigger computers at it unless that person is like "it would be life changing to have a bigger computer" (bigger = higher performance not literal size, Amelia Bedelia).

⚡ Attackers are more regularly targeting industrial control systems (ICS) on Operational Technology (OT), which have led to devastating real world consequences 😵

Trace attack paths in ICS with Gilberto "Gil" Garcia's #BSidesBoulder25 talk "Attack Path Modeling for Securing ICS/OT Systems"! Attendees will learn how to visualize adversary movements, focus on crown jewels, and turn free tools and threat intel into actionable defense strategies through understanding attacker workflows.
Garcia's session will also delve into frameworks, modeling techniques, and the integration of intelligence-driven security measures to strengthen ICS/OT resilience - because in critical infrastructure, guesswork isn’t a good option! 🛠️🔌 #BSides #BSidesBoulder #ICS #CyberSecurity #OTSecurity #ThreatModeling

Tickets are available for purchase for our 13 June event here: eventbrite.com/e/bsides-boulde

Eventbrite: BSides Boulder 2025. BSides Boulder is an annual conference with the mission of increasing cybersecurity awareness within the Boulder, Colorado community.

I have seen a lot of efforts to use an #LLM to create a #ThreatModel. I have some insights.

Attempts at #AI #ThreatModeling tend to do 3 things wrong:

  1. They assume that the user's input is both complete and correct. The LLM (in the implementations I've seen) never questions "are you sure?" and it never prompts the user like "you haven't told me X, what about X?"
  2. Lots of teams treat a threat model as a deliverable. Like we go build our code, get ready to ship, and then "oh, shit! Security wants a threat model. Quick, go make one." So it's not this thing that informs any development choices during development. It's an afterthought that gets built just prior to #AppSec review.
  3. Lots of people think you can do an adequate threat model with only technical artifacts (code, architecture, data flow, documentation, etc.). There's business context that needs to be part of every decision, and teams are just ignoring that.

1/n

I've updated the illuminated security #threatmodeling workbook, designed for either pen & paper or #reMarkable2 use. It's now a lot more detailed and with hyperlinked sections. At some point I'll get around to documenting how to use it, but if you've read @adamshostack's book it should be self-explanatory. Entirely free to download, use etc - CC-BY-SA licensed.

illuminated-security.com/threa

illuminated · Threat Modelling Workbook: This workbook for threat modelling using a STRIDE-per-element approach is shared under a Creative Commons licence: CC-BY-SA. Threat Model Workbook v2.

The Full Agenda for OWASP Global AppSec EU 2025 is LIVE! 🎉

Get ready for an unparalleled lineup of security experts, cutting-edge talks, and hands-on training sessions in Barcelona! Whether you specialize in DevSecOps, threat modeling, AI security, or AppSec automation, there’s something for everyone.

📍 Check out the full agenda and secure your spot today! owasp.glueup.com/event/owasp-g