PHP deals with two malicious commits, SSO and OAuth attack vectors to remember for your threat models, zines for your DevSecOps education! Visit https://www.securityweekly.com/asw for…
The security industry generally agrees on the value of enabling developers in an agile environment—although we don’t agree on what to call it… “Shifting Left,”…
npm netmask library has a critical bug, when AI attacks, firmware attacks on the rise, Microsoft Hololens and order 66, a real executive order 13694,…
Security technology roll-outs often fail because of the following: 1) Weak Security Culture – users don’t see value or understand the importance of taking action….
In the Leadership and Communications section, Being a CISO in 2021: How to Be a Business Leader in the Boardroom, Skills CISOs Need to Have…
The OWASP Top 10 2021 is in development. A public survey has just been released. We have finished collecting data. I would like to discuss…
In the Security News, If software got a security grade, most would get an F, SolarWinds hackers got some source code, new old bugs in…
Industrial Control Systems (ICS) and Operational Technology (OT) have risks and consequences in the real world, such as the health and safety of people, but…
This week on the Application Security News, Implementation pitfalls in parsing JSON, finding all forms of a flaw with CodeQL, more educational resources for hacking…
Filter By:
Security Awareness Culture Change, Part 2 – Kelley Bray, Stephanie Pratt – SCW #69
We continue the discussion about the importance of effective security awareness programs and what that would actually look like. We’ll also examine how to move…