Shostack + Friends Blog

 

Posts in category “information security”

25 Years of Appsec - Appsec Global

Adam is delivering the opening keynote for OWASP Global Appsec 2021 with a 25 year restrospective on the history of appsec and a look into its future.

 
 

Threat Model Thursday: NIST’s Code Verification Standard

Earlier this week, NIST released a Recommended Minimum Standard for Vendor or Developer Verification of Code. I want to talk about the technical standard overall, the threat modeling component, and the what the standard means now and in the future.

 
 
 

IoT Security & Threat Modeling

Expanding on the UK Government's ‘The Uk Code of Practice for Consumer IoT Security’ and how it aligns with Threat Modeling.

 
 
 
 
 

Pivots and Payloads

A new game from SANS for understanding pen test methodology, tactics, and tools.

 
 
 

Doing Science with Near Misses

Near misses are an important source of information for avoiding accidents, and it's a shame we don't use them in cybersecurity.