Uncle Joe
Uncle Joe
@sydseter.com
Co-leader OWASP Cornucopia. If you like what we do for open source, visit our code repository https://github.com/OWASP/cornucopia and give us a star ⭐

🌈 «Difference is of the essence of humanity» 🦄 – John Hume

#appsec #owasp #cornucopia #threatmodeling
Pinned
If you want others to do threat modeling for you, then please, for the love of god, at least, make it a bit fun!
copi.owasp.org
cornucopia.owasp.org
#owasp #cornucopia #appsec #threatmodeling #threat-modeling
Reposted by Uncle Joe
Are you the next card game designer for OWASP Cornucopia Website Edition v3.0?
Then get in touch with us for fame and glory!

Read more at:
dev.to/owasp/owasp-...
OWASP Cornucopia 3.0 - A call for card game designers!
Would you like to be our card game designer for the OWASP Cornucopia Website Edition...
dev.to
November 13, 2025 at 12:28 PM
Reposted by Uncle Joe
there should be some kind of digital death penalty where you're banned from using the computer for life if you're caught selling "phishing for dummies" SaaS

www.theverge.com/news/818554/...
November 12, 2025 at 4:24 PM
Reposted by Uncle Joe
What if security wasn’t a firefight?

Facebook’s “Privacy Waves” program bakes privacy work into a monthly rhythm — predictable, repeatable, scalable.

Maybe the real AppSec unlock isn’t more tech.
It’s cadence.

Make security routine, not reactive.

is.gd/g073ju
Shostack + Friends Blog > Secure By Design roundup - October 2025
Phil Venables is releasing a masterclass; new guidance from SAFECode, a new paper from JPMorganChase on their tools, how Facebook uses “waves”, a new AI shared responsibility model and more!
is.gd
November 12, 2025 at 3:26 PM
On inauguration day, Trump received greetings from leaders around the world, from Putin, Trump received a Fabergé egg made of gold, diamond and rubies...
and inside a USB stick.
He put the USB stick in his computer that started a funny video greeting from Putin with two topless women which Trump enjoyed very much.
Later that day, the computer stopped working so Trump rebooted and discovered his computer had been encrypted with ransomware...

(2/7)
November 12, 2025 at 11:06 PM
Reposted by Uncle Joe
happy epstein thermonuclear launch day to all who celebrate
November 12, 2025 at 6:01 PM
Reposted by Uncle Joe
Hey #bsky!

Please note that neither

NIST: pages.nist.gov/800-63-FAQ/#...

or…

OWASP ASVS: github.com/OWASP/ASVS/b...

recommend the use of email as #2FA

#appsec #security #mfa
November 11, 2025 at 4:33 PM
Reposted by Uncle Joe
The other day my brother called me while on the job driving my stepfather's cab. "Bro, do you know what your IQ is?" "No, I never bothered to check?!" "Well, do it! I'll send you a link. I scored a 175 on an IQ test with just answering some simple questions:

(1/2)
January 13, 2025 at 11:02 PM
Reposted by Uncle Joe
To all you AppSec people that are creating your own secure coding guide. Remember that there is this org called OWASP that might have this already. devguide.owasp.org/en/04-design/

It may not contain what you would like it to contain, but that is why it’s open source. Contributions are welcome!
Overview - OWASP Developer Guide
OWASP Foundation Developer Guide project
devguide.owasp.org
November 9, 2025 at 1:08 PM
Reposted by Uncle Joe
Did you know that according to ISO 27001, 8.28 Secure coding, pair programming, refactoring, and test-driven development are considered to be secure coding practices?
Next time someone asks, shh, just let it happen!
November 7, 2025 at 8:25 AM
The local Sri Lankan babysitter is cashing in on far-right sentiment in the UK using AI and deepfakes for clickbaiting. Can’t blame them for trying to earn the extra bucks, but what about the consequences for democracy?
Is democracy for sale on social media?
Should AI and social media play such a role?
November 8, 2025 at 11:08 AM
AI will be one of the biggest challenges yet to democracy around the world. Fascism just got an incredible tool added to its toolbox.
November 8, 2025 at 10:40 AM
OWASP Top 10 2025 is going live now at owasp.org/Top10/

New is:

A03:2025 Software Supply Chain Failures

and…

A10:2025 Mishandling of Exceptional Conditions

The last one based on assessments done with OWASP SAMM core team members. I can take no credit here whatsoever. Congratulations!
November 6, 2025 at 7:02 PM
Games aren't just for fun, they're essential for our survival.
We often think of playing and gaming as unique to humans, but research shows otherwise. All animals with a brain play, even bumblebees.
These nine panels show the sequence of a ball-rolling action, lasting, in this instance, ca. 4 s. (1/4)
November 6, 2025 at 5:17 PM
Reposted by Uncle Joe
📡 OWASP Secure Headers Project:

- We added information about the HTTP response header "X-DNS-Prefetch-Control".
- We added the tool "shcheck" to the list of analysis tools.

#appsec #appsecurity #owasp_shp
November 5, 2025 at 5:28 AM
As in sex, the same goes for privacy, consent must be active, clear, knowing, ongoing, voluntary, and is always REQUIRED!

You don’t need to ask for consent until the user says yes repeatedly. I know that means you may not get lucky, but it’s an excellent way to ensure you keep your friendships.
November 4, 2025 at 7:07 AM
I am so tired of explaining privacy and cookies to people, so here is an allegory for you.

As in sex, the same goes for privacy, consent must be active, clear, knowing, ongoing, voluntary and is always REQUIRED!
November 3, 2025 at 4:01 PM
OpenAI recently introduced Aardvark, the agentic security researcher. openai.com/index/introd...

You can actually set this up in a much less intrusive way with Copilot by using the Copilot code review functionality docs.github.com/en/copilot/c...
Introducing Aardvark: OpenAI’s agentic security researcher
Now in private beta: an AI agent that thinks like a security researcher and scales to meet the demands of modern software.
openai.com
November 1, 2025 at 8:59 AM
Consult with your physician
October 31, 2025 at 6:13 AM
Don’t get too addicted to those pills. Do it on weekends when it’s fun.
October 31, 2025 at 6:08 AM