to include and prioritize #security work in our agile workstreams we value #threatmodelling techniques.
@jgumbley from #thoughtworks & Fraser Scott from capital one will be sharing techniques and stories at the #xconfunplugged18 threat modelling event on thursday 22/11 @ #thoughtworks #London office.
sign up here! https://thght.works/2PRdfC5 #infosec
Seven Critical Things To Protect Your Infrastructure and Data
errm, does this mean that using maven is a risk? https://github.com/snyk/zip-slip-vulnerability
I'm tempted to say that as long as you only use dependency from trusted publishers and from a trusted repository it's alright but I'm pretty sure I'm minimizing the issue here. #swdev #security #infosec #maven #zipslip
Ron Jeffries - Developers Should Abandon Agile https://ronjeffries.com/articles/018-01ff/abandon-1/
after being away from java and spring for a while this was quite a good overview of what's new in the core framework: https://youtu.be/0V-3kUMfWCc
Conversation here reminded me of this awesome piece by James Mickens:
It's not often I get to describe #infosec writing as simultaneously informative and fucking hilarious but Mickens fills the bill.
finally bottled my latest #homebrew. it's a truffle stout, so I called it "Proof of Wort"
"The ssh-decorator package from Python pip had an obvious backdoor"
sends host + username + password to an external website
"How to Use Signal Without Giving Out Your Phone Number"
https://theintercept.com/2017/09/28/signal-tutorial-second-phone-number/ #signal #privacy
Only confirmed victim so far is a cryptocurrency site, lol.
Because I live in fear that there exist people who don't know about this: https://godbolt.org/
Want to know what a compiler actually does with your code? Find out, with nice highlighting of sections! Supports C, C++, Haskell, Go, Swift, Rust, and various other languages.
See. Explore. Understand.
Defensive Security Podcast Episode 216
Errorist. Weeaboo. Security Sleepwalker & BevOps @ ThoughtWorks UK (Views are mine etc...). 0x7AD2E918B3D5FFB7
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!