1

3

Snyk prices are getting very high. Has anyone moved away from them? Which alternative did you choose? (infosec.pub)

submitted 3 weeks ago by N7x@infosec.pub to c/appsec@infosec.pub

2 comments fedilink

Found this interesting list: https://list.latio.tech/

On the open source side, there is https://www.dependencytrack.org/

2

Looking for a new training/certification. People who did OSWA (Web-200 by OffSec), how was it? (www.offsec.com)

submitted 1 month ago by N7x@infosec.pub to c/appsec@infosec.pub

0 comments fedilink

3

5

Cerbos Hub out of beta (infosec.pub)

submitted 2 months ago by Cerbokan@infosec.pub to c/appsec@infosec.pub

0 comments fedilink

If you're interested in a way to implement Zero Trust principles like least-privilege access or make your access policies more granular without creating code bloat this is something to check out.

Cerbos Hub externalizes application permissions (RBAC/ABAC) and makes it easier to write and maintain fine-grained access policies without falling into a slow doom spiral of spaghetti code.

You write your policies in a central repo, and deploy as many containerized policy decision points as you need alongside the relevant services in your application. Policy checks are an API call. No single point of failure or lag issues.

You can maintain and monitor distributed policy decision points from one place. Make changes in Hub once and the changes are deployed everywhere. It supports PDPs deployed in serverless environments, at the edge or on device. There's a collaborative policy playground to write and test your policies. It has a central audit log of all the policy decisions that take place across your application.

4

3

Threat Modeling program milestones: A journey to scale (www.youtube.com)

submitted 3 months ago by N7x@infosec.pub to c/appsec@infosec.pub

0 comments fedilink

5

1

Recommended AppSec conferences in Europe? (infosec.pub)

submitted 7 months ago by N7x@infosec.pub to c/appsec@infosec.pub

0 comments fedilink

cross-posted from: https://infosec.pub/post/8123190

Hello everyone,

I work in appsec, my manager would like to send us to a conference this year. We are based in Europe, and the company would like to across intercontinental travel.

I have OWASP Global 2024 in Lisbon on my radar, as well as the BlackHat EU in London, is there any other conference you guys would recommend?

6

1

[tl;dr sec] #215 - Cloud Threat Landscape, Web LLM Security Labs, Azure Logs Primer (tldrsec.com)

submitted 8 months ago by N7x@infosec.pub to c/appsec@infosec.pub

0 comments fedilink

7

1

Signing Requests using RSA Keys (www.zaproxy.org)

submitted 8 months ago by N7x@infosec.pub to c/appsec@infosec.pub

0 comments fedilink

8

1

Stir Trek 2024: Call for Speakers (sessionize.com)

submitted 8 months ago by N7x@infosec.pub to c/appsec@infosec.pub

0 comments fedilink

9

1

We Must Consider Software Developers a Key Part of the Cybersecurity Workforce (www.cisa.gov)

submitted 8 months ago by N7x@infosec.pub to c/appsec@infosec.pub

0 comments fedilink

10

1

OWASP Foundation - 2024 Global AppSec Lisbon Call for Trainers (owasp.submittable.com)

submitted 8 months ago by N7x@infosec.pub to c/appsec@infosec.pub

0 comments fedilink

11

1

[tl;dr sec] #213 - AWS Secure Defaults, Damn Vulnerable LLM Agent, cdk-goat (tldrsec.com)

submitted 8 months ago by N7x@infosec.pub to c/appsec@infosec.pub

0 comments fedilink

12

1

Reasonable 🔐AppSec #33 - Signing Off '23 with a Bang: Five Security Articles, AppSec New Year's Resolutions, and Podcast Corner (appsec.beehiiv.com)

submitted 8 months ago by N7x@infosec.pub to c/appsec@infosec.pub

0 comments fedilink

13

1

Trustwave Transfers ModSecurity Custodianship to OWASP | OWASP Foundation (owasp.org)

submitted 8 months ago by N7x@infosec.pub to c/appsec@infosec.pub

0 comments fedilink

14

1

npm search RCE? - Escape Sequence Injection (blog.solidsnail.com)

submitted 9 months ago by solidsnail@infosec.pub to c/appsec@infosec.pub

0 comments fedilink

15

1

It’s not a Feature, It’s a Vulnerability (blog.solidsnail.com)

submitted 10 months ago by solidsnail@infosec.pub to c/appsec@infosec.pub

0 comments fedilink

cross-posted from: https://infosec.pub/post/5707149

I talk about a report I've made to MSRC in the beginning of the year regarding vscode.

It's a bit different. There's no in depth technical stuff, because I basically just reported the feature, not a bug.

16

1

GitHub Copilot, Amazon Code Whisperer emit people's API keys (www.theregister.com)

submitted 1 year ago by N7x@infosec.pub to c/appsec@infosec.pub

0 comments fedilink

17

1

Community review - OWASP Mobile Application Security risk assessment formula (mas.owasp.org)

submitted 1 year ago by N7x@infosec.pub to c/appsec@infosec.pub

0 comments fedilink

18

1

From Terminal Output to Arbitrary Remote Code Execution (blog.solidsnail.com)

submitted 1 year ago by solidsnail@infosec.pub to c/appsec@infosec.pub

0 comments fedilink

This is my first write-up, on a vulnerability I discovered in iTerm2 (RCE). Would love to hear opinions on this. I tried to make the writing engaging.

19

1

New OWASP Cheet Sheet on Mobile Securty (cheatsheetseries.owasp.org)

submitted 1 year ago by mwguy@infosec.pub to c/appsec@infosec.pub

0 comments fedilink

Mobile Application Security Cheat Sheet

Mobile application development presents certain security challenges that are unique compared to web applications and other forms of software. This cheat sheet provides guidance on security considerations for mobile app development. It is not a comprehensive guide by any means, but rather a starting point for developers to consider security in their mobile app development.