to include and prioritize #security work in our agile workstreams we value #threatmodelling techniques.
@jgumbley from #thoughtworks & Fraser Scott from Capital One will be sharing techniques and stories at the #xconfunplugged18 threat modelling event on Thursday 22/11 @ #thoughtworks #London office.
sign up here! https://thght.works/2PRdfC5 #infosec
I would not normally be that hashtaggy from a personal account but hey, it's a good talk and totally worth a share!
Data Security from Day 1 - Sara Diaz & Cade Cairns https://youtu.be/6oNhtcenNuk @sdiaz @ccairns #infosec #security #devsecops #whatnotothersecurityhashtagishotthesedays
Seven Critical Things To Protect Your Infrastructure and Data
https://infosec.engineering/seven-critical-things-to-protect-your-infrastructure-and-data/
errm, does this mean that using Maven is a risk? https://github.com/snyk/zip-slip-vulnerability
I'm tempted to say that as long as you only use dependencies from trusted publishers and from a trusted repository it's alright but I'm pretty sure I'm minimizing the issue here. #swdev #security #infosec #maven #zipslip
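Added example, not from the original post or from the Snyk write-up: what a zip-slip entry actually looks like, where a naive "join the destination with the entry name and open it" extractor would write it, and the canonical-path check that closes the hole. The archive contents and the `/srv/app/plugins` destination are constructed for the demo. Python's own `ZipFile.extract()` already strips `..` components, so the check below is for code that opens files from archive entry names itself, which is the pattern the affected Java libraries had; the same idea ports directly to Java (`File.getCanonicalPath()` plus a `startsWith` against the canonical destination).

```python
import io
import os
import tempfile
import zipfile
from typing import List


class ZipSlipError(ValueError):
    """Raised when an archive entry would resolve outside the extraction directory."""


def build_zip(entries: dict) -> bytes:
    """Build an in-memory zip from {name: content}. Constructed sample data for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)  # writestr does not sanitize the name
    return buf.getvalue()


# Constructed archives: one carries a traversal entry, one is clean.
MALICIOUS_ZIP = build_zip({"lib/ok.txt": "benign", "../../escape.txt": "owned"})
BENIGN_ZIP = build_zip({"lib/ok.txt": "benign", "lib/sub/deep.txt": "also fine"})


def naive_targets(data: bytes, dest: str) -> List[str]:
    """Where an extractor that just does open(os.path.join(dest, name)) would write each entry."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [os.path.normpath(os.path.join(dest, name)) for name in zf.namelist()]


def entry_escapes(dest: str, name: str) -> bool:
    """True if `name`, placed under `dest`, resolves to a path outside `dest`.

    Compares canonical paths rather than string prefixes, so '../', absolute
    names and '/dest/../evil' are all caught, and a sibling like '/dest2' does
    not pass just because it starts with '/dest'.
    """
    dest_real = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_real, name))
    return os.path.commonpath([dest_real, target]) != dest_real


def safe_extract(data: bytes, dest: str) -> List[str]:
    """Extract `data` into `dest`, rejecting the whole archive if any entry escapes."""
    dest_real = os.path.realpath(dest)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # Pass 1: validate every name before writing anything, so a bad entry late in
        # the archive cannot leave a half-extracted tree behind.
        for info in zf.infolist():
            if entry_escapes(dest_real, info.filename):
                raise ZipSlipError(f"entry {info.filename!r} resolves outside {dest_real}")
        # Pass 2: write entries ourselves, using only the already-validated join.
        written = []
        for info in zf.infolist():
            target = os.path.join(dest_real, info.filename)
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(os.path.relpath(target, dest_real))
    return written


def demo() -> dict:
    """Run safe_extract against both archives in a scratch directory and report what happened."""
    with tempfile.TemporaryDirectory() as scratch:
        rejected = False
        try:
            safe_extract(MALICIOUS_ZIP, scratch)
        except ZipSlipError:
            rejected = True
        nothing_written = os.listdir(scratch) == []
        written = safe_extract(BENIGN_ZIP, scratch)
    return {"rejected": rejected, "nothing_written": nothing_written, "written": sorted(written)}


if __name__ == "__main__":
    print("naive extractor would write:", naive_targets(MALICIOUS_ZIP, "/srv/app/plugins"))
    print(demo())
```

The `naive_targets` output for the malicious archive shows the point of the Snyk report: the second entry lands at `/srv/escape.txt`, two directories above the plugin folder, and with a name like `../../../etc/cron.d/x` it would land wherever the extracting process has write access. The check does not cover symlink entries, which are a separate traversal vector mostly relevant to tar.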
Ron Jeffries - Developers Should Abandon Agile https://ronjeffries.com/articles/018-01ff/abandon-1/
#agile #swdev
after being away from java and spring for a while this was quite a good overview of what's new in the core framework: https://youtu.be/0V-3kUMfWCc
Conversation here reminded me of this awesome piece by James Mickens:
https://www.schneier.com/blog/archives/2015/08/mickens_on_secu.html
It's not often I get to describe #infosec writing as simultaneously informative and fucking hilarious but Mickens fills the bill.
holy shit.
https://www.reddit.com/r/Python/comments/8hvzja/backdoor_in_sshdecorator_package/
https://twitter.com/x0rz/status/994116668086542336
"The ssh-decorator package from Python pip had an obvious backdoor"
sends host + username + password to an external website
"How to Use Signal Without Giving Out Your Phone Number"
https://theintercept.com/2017/09/28/signal-tutorial-second-phone-number/ #signal #privacy
Because I live in fear that there exist people who don't know about this: https://godbolt.org/
Want to know what a compiler actually does with your code? Find out, with nice highlighting of sections! Supports C, C++, Haskell, Go, Swift, Rust, and various other languages.
See. Explore. Understand.
Defensive Security Podcast Episode 216
http://defensivesecurity.org/defensive-security-podcast-episode-216/
#infosec
#homebrewing a truffle #stout! I don't really know what I'm doing but I'm sure the result will be interesting! #beer
Errorist. Weeaboo. Security Sleepwalker & BevOps @ ThoughtWorks UK (Views are mine etc...). 0x7AD2E918B3D5FFB7