Appsec Roundup - Jan 2025
An exciting month, with new threat modeling tools, cool thoughts on STAMP, bounds checking, ADRs and more!
Shostack + Friends Blog
Posts in category "application security"
Appsec Roundup - Dec 2024
A virtual feast of appsec!
Appsec Roundup - Nov 2024
A virtual feast of appsec!
Appsec Roundup - Oct 2024
If you say liability three times, it appears!
Appsec Roundup - September 2024
If you say threat modeling three times, it appears!
Appsec Roundup - August 2024
The most important stories around threat modeling, appsec and secure by design for August, 2024.
Appsec Roundup - July 2024
The most important stories around threat modeling, appsec and secure by design for June, 2024.
Appsec Roundup - June 2024
The most important stories around threat modeling, appsec and secure by design for June, 2024.
Security Engineering roundup - May 2024
The most important stories around threat modeling, appsec and secure by design for May, 2024.
Secure by Design roundup - April 2024
A less busy month in appsec, AI, and regulation, but still interesting stories
Eternal sunshine of the spotless LLM
Making an LLM forget is harder than it seems
Secure by Design roundup - March 2024
A busy month in appsec, AI, and regulation.
Application and AI roundup - Feb 2024
A busy month in appsec, AI, and regulation.
Application and AI roundup - Jan 2024
A busy month+ in appsec, AI, and regulation.
The State of Appsec in 2024
2024 is bringing lots of AI, and Liability, too
Application and AI roundup - November
A threat modeling conference, lots of government appsec guidance, and some updates from Shostack + Associates
Application and AI roundup - October
Exciting news from the SEC, lots of AI, and lots of threat modeling.
Application and AI roundup - September
September was a big month in appsec for both memory safety and policy
Application and AI roundup - August
Lots of interesting work in LLMs (again)
Application and AI roundup - May
This month runs quite heavy on AI, but the CISA Safe by Design and Default document is going to be important for the next several years.
Five Threat Model Diagrams for Machine Learning
Some diagrams to help clarify machine learning threats
Cumulus
Cumulus is a cloud-oriented version of Elevation of Privilege
Application Security Roundup - March
A few tools, some thoughts on injection, some standards, and some of Adam’s appsec news.
Application Security Roundup - October and Nov
Interesting reads this month include signals from the administration, a history of appsec by one of the originals, and a longread from Apple about kernel memory design.
Application Security Roundup - September
Interesting appsec posts: machine learning, performance, and C4
Application Security Roundup - July
Interesting appsec posts: machine learning, performance, and C4
Application Security Roundup - June
Interesting appsec posts: from medical devices to bridges.
Application Security Roundup - May
A collection of interesting appsec posts.
25 Years of Appsec - Appsec Global
Adam is delivering the opening keynote for OWASP Global Appsec 2021 with a 25 year restrospective on the history of appsec and a look into its future.
25 Years in AppSec: Looking Back
Time flies and things change... A look back on the growth of this industry.
Pacific Northwest Appsec Conference
AppSec Pacific Northwest Conference is a free application security conference that will be held Saturday, June 19th. It is a virtual, online event sponsored by the OWASP chapters of Portland, Vancouver, and Victoria.
Mmmm, Pandemic Puppies
CSO on AppSec at the Speed of Devops
[no description provided]