Shostack + Friends Blog

Posts in category "application security"

Application and AI roundup - August

Lots of interesting work in LLMs (again) (30 Aug 2023)

Application and AI roundup - May

This month runs quite heavy on AI, but the CISA Safe by Design and Default document is going to be important for the next several years. (30 May 2023)

A diagram showing threats such as prompt injection and model theft that are threats to a ML tool

Five Threat Model Diagrams for Machine Learning

Some diagrams to help clarify machine learning threats (13 Apr 2023)

A set of cards with threats like our deployment artifacts contain secrets that can be extracted

Cumulus

Cumulus is a cloud-oriented version of Elevation of Privilege (06 Apr 2023)

Application Security Roundup - March

A few tools, some thoughts on injection, some standards, and some of Adam’s appsec news. (05 Apr 2023)

Subscribe (RSS/Mail)

RSS: If you’d like to subscribe, you can get the ATOM feed here.

Email: If you’d like every blog post by email, we’re experimenting with Substack. If you’d like a lower volume set of updates on what Adam is doing, Adam’s New Thing gets only a few messages a year, guaranteed.

FDA Final Cyber Guidance is out

26 Sep 2023

The FDA has released their new guidance, which will be broadly impactful.

Comparing Retrospectives

19 Sep 2023

We can learn a lot from comparing retrospectives

Open training: Threat Modeling for Champs (October)

14 Sep 2023

Seats are available in our October training

Application and AI roundup - August

30 Aug 2023

Lots of interesting work in LLMs (again)

Our site works best with Javascript enabled, however we have done our best to minimize any negative impacts to your experience without it.