New by me: "Stay frosty and test your apps" isn't cutting it anymore.
HTTP/1.1 desynchronization attacks (aka request smuggling) can put web apps at risk.
Fastly stops them with:
Strict parsing
Edge normalization
Blocking bad requests
Learn more: https://www.fastly.com/blog/demystifying-fastlys-defense-against-http-desynchronization-attacks
#Security #AppSec
Memo: Our Call for Presentations for German #OWASP Day 2026, taking place on Nov 26 in Düsseldorf, ends this Sunday (August 24)!
Don't miss this chance if you would like to present your #appsec related topic to a broader audience!
Want to learn the absolute basics of application security? Check out this helpful YouTube playlist! #appsec
https://twp.ai/4ioWqD
Calling all #AppSec folks in #London!
We are hosting a rooftop screening of Star Wars: The Force Awakens on Saturday, August 30! We've got everything from lightsabers, snacks, refreshments and a chance to snap a photo with Darth Vader.
RSVP here: https://shorturl.at/Ewzed
Welcome to Day 3 at AppSec Village – the final day at @defcon 33!
We’re closing out with:
FREE Hacker Fuel
Fix the Flag Wargame (10:00–11:45)
Live talks on CVEs, chained exploits, and breaking bloatware
Spotter Arsenal demo & AppSec in the Shadows workshop
POD games & vulnerability hunts
CTF Award Ceremony at 11:50am - don’t miss it!
More details: https://www.appsecvillage.com/events/dc-2025
Let’s go!
Missed one of my past conference talks? Let’s fix that.
I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.
“DevSecOps: More Than Just Pipelines” https://twp.ai/4ioDxP
Missed one of my past conference talks? Let’s fix that.
I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.
“Security Metrics that Matter” https://twp.ai/4ioGd3
@cR0w @mttaggart @ckure @librewolf Crap. I missed that. Hmm. Are there alternatives with more reliable financial and #AppSec support?
@cR0w @mttaggart @ckure Sounds like a good reason for a bunch of security nerds to donate financially and contribute security code review to @librewolf.
I'll do both when my income and education are each a bit farther along, regardless of whether I use that browser myself. The importance of unenshittified or disenshittified web browsers only grows over time.
Are you interested in a different kind of security conference?
Then take a look at the Open Security Conference (@OSCo). #osco25 takes place from October 2 to 5 in Rückersbach (Germany near Frankfurt) and registration is still open at https://opensecurityconference.org/.
(this is an English version of the original German thread https://infosec.exchange/@realn2s/114936419689473030)
Why?
The Open Security Conference aims to be diverse and inclusive. This also includes different levels of knowledge and experience.
It is therefore not only for security experts or for people who have (already) worked in the security sector for a long time,
but also for people who are interested in security or want to get into the field.
The #OpenSpace format not only enables expert presentations,
but also non-expert topics or questions as session topics. Sessions are not restricted to presentations, they can be interactive, collaborative, workshops or basically anything else.
Since topics do not have to be submitted months in advance,
but the agenda is created jointly by the participants, hot topics can also be covered.
The conference is non-commercial, i.e. the total costs are shared between the participants (including the organizers).
The costs include accommodation and meals in the conference hotel.
And yes, there are also sponsors who cover part of the costs.
But not everything is different.
There are great keynotes e.g. by @bkastl ("History repeating itself") and Mireia Cano ("Building an AppSec Program from Scratch").
DC's Next Top Threat Model is back for @defcon 33!! Visit https://threatmodel.us for more details.
As they say, better late than never
Hi #InfoSec! I'm Michael, a PhD engineer in the UK working in software engineering.
Background spans hardware, software, and data systems, originally in additive manufacturing and mech eng.
Currently working as an SWE in clean energy with exposure to API security and compliance testing.
Building a homelab for infrastructure security learning.
Interested in application security and secure system design. #introduction #cybersecurity #homelab #appsec
The Open Security Conference 2025 is looking forward to welcoming you!
Yes, you. You're interested in cybersecurity, right? You might work in the space or just have it as a special interest, you're all welcome to join #osco and learn more together!
https://opensecurityconference.org/
See you October 2-5 in Rückersbach, close to Frankfurt am Main, Germany.
Register now: https://opensecurityconference.org/conference/registration
#osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]
Missed one of my past conference talks? Let’s fix that.
I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.
“DevSecOps: More Than Just Pipelines” https://twp.ai/4ioig2
A day to take note of! It's International Non-Binary People's Day.
You weren't aware? No shame in that! What does non-binary mean, you ask? What a great opportunity to learn more! And how to do this better than through non-binary folks themselves?
So here's your quest: Check out the hashtags below and you'll find lots of posts you might not have seen in your bubble so far. Find at least one non-binary person's profile where you like the content, and follow them! Bonus points for boosting their content so even more people can learn.
https://en.m.wikipedia.org/wiki/International_Non-Binary_People%27s_Day
#NonBinary #enby #BeyondTheBinary #NonBinaryAwarenessWeek #NonBinaryPeoplesDay #InternationalNonBinaryPeoplesDay #osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]
Have you heard? I'm giving my workshop "Secure Development Lifecycle Applied - How to Make Things a Bit More Secure than Yesterday Every Day" at NDC Porto this year! Super excited to experience this conference, share and learn with folks.
Missed one of my past conference talks? Let’s fix that.
I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.
“Top Ten Security Tips for APIs” https://twp.ai/4ioX6N