Shostack + Friends Blog

Recent Blog Posts, Page 10

97 Things Every Application Security Professional Should Know

Proud to be an O’Reilly author! (18 Jun 2024)

 

First Workshop on Cyber Public Health

The first workshop on cyber public health was so exciting. Check out the report! (17 Jun 2024)

 

Lockbit, a study in public health

Why is it hard to count lockbit infections? (15 Jun 2024)

 

Why I don't engage with Sean Hastings

Mr. Hastings has been charged with crimes against me, and the police advise me to not engage. (14 Jun 2024)

 

Scale to Zero

Adam on the Scale to Zero podcast (12 Jun 2024)

 

Threat Modeling and Logins, Redux

How to effectively threat model authentication. (11 Jun 2024)

 

William Anders

Commemorating William Anders (08 Jun 2024)

 

The Universal Cloud TM -- Threat Model Thursday

A new universal threat model - what can we learn from it? (06 Jun 2024)

 

Threat Modeling and Logins

Authentication is more frustrating to your customers when you don’t threat model. (04 Jun 2024)

 

Security Engineering roundup - May 2024

The most important stories around threat modeling, appsec and secure by design for May, 2024. (30 May 2024)

 

Blackhat Training Early Bird

The early bird pricing for my Blackhat training expires this Friday (21 May 2024)

 

Diagrams and Symbols in Threat Models

How can we think about non-standard symbols in threat modeling diagrams? (16 May 2024)

 

Secure by Design roundup - April 2024

A less busy month in appsec, AI, and regulation, but still interesting stories (08 May 2024)

 

RSA 2024

A great threat modeling talk at RSA 2024 (06 May 2024)

 

Happy Star Wars Day

(04 May 2024)