2024-09-03 15:20:14

Adam Shostack on Nostr:

My appsec roundup for August is out

https://shostack.org/blog/appsec-roundup-august-2024/

Brett Crawley released Threat Modeling Gameplay with EoP: A reference manual for spotting threats in software architecture, published by Packt, a full book on the game. Awesome! (I was honored to write the Foreword.)
In a blog post at Forbes, Zak Doffman discusses a New Warning As ‘Spike’ In GPS Spoofing Attacks Hit Passenger Planes, citing a rise from 200 daily incidents to 900 in Q2, 2024. It’s really nice to see quantified rates, and this echoes a theme, that the threat to GPS location is growing.
Chris Martorella of Miro has released a template, Threat Modeling - STRIDE on their platform.
The Australian government led a coalition who released Best Practices for Event Logging and Threat Detection. It’s probably useful for reviewing operational logging practice, despite a focus on APTs (to the exclusion of ransomware or other attackers), and a confusion about the relationship of “baseline” to “best.”
Author Public Key
npub1s7cghayd6cuu7tnvxw6xlxq5ddz0grs956tzwsqj59v5vvucgd7sdgrcqn