Shostack + Friends Blog

Posts in category "application security"

Application and AI roundup - May

This month runs quite heavy on AI, but the CISA Safe by Design and Default document is going to be important for the next several years. (30 May 2023)

A diagram showing threats such as prompt injection and model theft that are threats to a ML tool

Five Threat Model Diagrams for Machine Learning

Some diagrams to help clarify machine learning threats (13 Apr 2023)

A set of cards with threats like our deployment artifacts contain secrets that can be extracted

Cumulus

Cumulus is a cloud-oriented version of Elevation of Privilege (06 Apr 2023)

Application Security Roundup - March

A few tools, some thoughts on injection, some standards, and some of Adam’s appsec news. (05 Apr 2023)

Subscribe (RSS/Mail)

RSS: If you’d like to subscribe, you can get the ATOM feed here.

Email: If you’d like every blog post by email, we’re experimenting with Substack. If you’d like a lower volume set of updates on what Adam is doing, Adam’s New Thing gets only a few messages a year, guaranteed.

Phishing Defenses

07 Jun 2023

Phishing behaviors, as observed in the wild.

Application and AI roundup - May

30 May 2023

This month runs quite heavy on AI, but the CISA Safe by Design and Default document is going to be important for the next several years.

The Cyber Safety Review Board Should Investigate Major Historical Incidents

25 May 2023

Tarah Wheeler and Adam write in CFR

May the Fourth Secure You

04 May 2023

Celebrating Star Wars Day in style!

Our site works best with Javascript enabled, however we have done our best to minimize any negative impacts to your experience without it.