Missed one of my past conference talks? Let’s fix that.

I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.

“DevSecOps: More Than Just Pipelines”
https://twp.ai/4ioig2

Ready to go beyond academic theory and into real-world AI security testing?

Join Jason Haddix on November 4–5 at OWASP Global AppSec USA 2025 for a 2-day, hands-on training: Attacking AI.

This intermediate-level course is packed with case studies, real methodologies, and tactics drawn from Arcanum’s cutting-edge AI assessments.

REGISTER: https://owasp.glueup.com/event/131624/register/

A day to take note of! It's International Non-Binary People's Day.

You weren't aware? No shame in that! What does non-binary mean, you ask? What a great opportunity to learn more! And how to do this better than through non-binary folks themselves?

So here's your quest: Check out the hashtags below and you'll find lots of posts you might not have seen in your bubble so far. Find at least one non-binary person's profile where you like the content, and follow them! Bonus points for boosting their content so even more people can learn.

https://en.m.wikipedia.org/wiki/International_Non-Binary_People%27s_Day

#NonBinary #enby #BeyondTheBinary #NonBinaryAwarenessWeek #NonBinaryPeoplesDay #InternationalNonBinaryPeoplesDay #osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]

Missed one of my past conference talks? Let’s fix that.

I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.

“Security Metrics that Matter”
https://twp.ai/4iokVq

Have you heard? I'm giving my workshop "Secure Development Lifecycle Applied - How to Make Things a Bit More Secure than Yesterday Every Day" at NDC Porto this year! Super excited to experience this conference, share and learn with folks.

https://ndcporto.com/workshops/part-1-2-secure-development-lifecycle-applied-how-to-make-things-a-bit-more-secure-than-yesterday-every-day/4ebef8044659

Missed one of my past conference talks? Let’s fix that.

I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.

“Building Security Champions”
https://twp.ai/4ioVSb

Prompt injection is the new SQL injection.
When AI writes or runs code, untrusted inputs can do real damage.
Sanitize everything.
#AIsecurity #AppSec #PromptInjection

Missed one of my past conference talks? Let’s fix that.

I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.

“Top Ten Security Tips for APIs”
https://twp.ai/4ioX6N

Join renowned expert Adam Shostack for a 3-day Threat Modeling Intensive, Nov 3–5, at OWASP Global AppSec USA 2025.

You’ll sharpen core threat modeling skills, then dive into how AI can support (and sometimes confuse) the process. Learn to evaluate what AI tools get right—and wrong—and how to integrate them responsibly into your security workflows.

REGISTER: https://owasp.glueup.com/event/131624/register/

AppSec Ezine - 595th https://pathonproject.com/zb/?0d340b7bddcc7b90#H+cg6eXY2Ea0Nq+hcV4mY+m/5p1qLhThPMAGgMwBmI4= #AppSec #Security

Why your AppSec Tool Stack Is Failing in the Age of AI – Source: securityboulevard.com https://ciso2ciso.com/why-your-appsec-tool-stack-is-failing-in-the-age-of-ai-source-securityboulevard-com/ #rssfeedpostgeneratorecho #ApplicationSecurity #ContributedContent #CyberSecurityNews #SecurityBoulevard #ToolStack #SocialX #AppSec #mendio #AI

It's awesome to be Microsoft MVP for another year! I really enjoy sharing knowledge and interacting with the community and of course will continue to do that! Congratulations to the other MVP's that got renewed as well! #mvpbuzz #appsec #security

Calling all #AppSec folks in #London!

We are hosting a rooftop screening of Star Wars: The Force Awakens on Saturday, August 30! We've got everything from lightsabers, snacks, refreshments and a chance to snap a photo with Darth Vader.

RSVP here: https://shorturl.at/Ewzed

#TBT to DEF CON 31! Shahar Man led an AppSec Village panel w/ Joe Christian, Kiran Shirali & Trupti Shiralkar—sharing real-world security insights.
Help us record & share DEF CON 33:
Donate: https://www.zeffy.com/en-US/donation-form/appsec-village-def-con-33-recordings
https://youtu.be/KOqMNEkGiVI?si=euy_EN9ROXBBw6up

ZAP now has full support for Microsoft Edge
https://www.zaproxy.org/blog/2025-07-10-edge-support/
#zaproxy #appsec

Amateur hour #swsec #appsec

https://techcrunch.com/2025/07/09/jack-dorsey-says-his-secure-new-bitchat-app-has-not-been-tested-for-security/

Ready, set, go! Register now to get your package for the Open Security Conference 2025.

When? October 2-5
Where? Close to Frankfurt am Main, Germany
Why? It's a one of a kind conference!

Open space, from the community for the community, including everyone interested in cybersecurity. What we value: https://opensecurityconference.org/about/values/

Register now: https://opensecurityconference.org/conference/registration

#osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]

Missed one of my past conference talks? Let’s fix that.

I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.

“Shifting Security Everywhere” - Not just LEFT anymore!
https://twp.ai/4ioasq

Join Robert Hurlbut for AI Whiteboard Hacking, a 2-day hands-on threat modeling training, happening Nov 4–5 at OWASP Global AppSec USA 2025.

Register: https://owasp.glueup.com/event/131624/register/

Explore real-world AI threats like prompt injection and data poisoning and learn how to design secure AI systems using the proven DICE methodology.

Liebe #AppSec Community!

(English below)

Wir *) haben nun offiziell den Call for Presentations des German #OWASP2025 Days 2025 eröffnet und freuen uns auf eine spannende Konferenz!

Der GOD, so wie der traditionell heißt, wird dieses Jahr am 26.11. in Düsseldorf stattfinden, mit Trainings am Vortrag und dem üblichen Networking-Event am Vorabend.

Wir wollen an die letztjährige Konferenz in Leipzig, die tollen Zuspruch bekommen hat, anknüpfen und suchen dich als Sprecherin oder Sprecher. Falls du ein spannendes Thema hast, was du dort vorstellen möchtest, würden wir uns freuen, wenn du dem Programmkomitee deine Idee unterbreiten würdest. Den CfP findest du unter https://god.owasp.de/2025/cfp . Wir haben Slots mit 20 und 40 Minuten Präsentationszeit.

Falls du Bekannte oder Kolleginnen/Kollegen kennst, die vielleicht gerne ihr Thema in Düsseldorf vorstellen wollen, leite dies gerne weiter.

-----

We've *) just opened the Call for Presentations for the German OWASP Day 2025 and looking much forward to an exciting conference, again.

This year's conference, nicknamed GOD traditionally, will take place on November 26 in Düsseldorf with training sessions the day before and the usual networking event the evening before.

We want to build on last year's conference in Leipzig, which was very well received, and thus are looking for you as a speaker. If you have an exciting topic that you would like to present in Düsseldorf, we would be delighted if you would submit your idea to the program committee. You can find the CfP at https://god.owasp.de/2025/en/cfp.html . We have slots with 20 and 40 minutes presentation time.

If you have friends or colleagues who might be interested presenting their topic, please pass this on.

*) "Wir" bedeutet wie jedes Jahr ein Team von Leuten, die dies ehrenamtlich mit viel Einsatz auf die Beine stellen.

As every year "we" is a team of volunteers who put this together with a great deal of commitment.