Uncle Joe
@sydseter.com
Co-leader OWASP Cornucopia. If you like what we do for open source, visit our code repository https://github.com/OWASP/cornucopia and give us a star ⭐

🌈 «Difference is of the essence of humanity» 🦄 – John Hume

#appsec #owasp #cornucopia #threatmodeling
Pinned
If you want others to do threat modeling for you, then please, for the love of god, at least, make it a bit fun!
copi.owasp.org
cornucopia.owasp.org
#owasp #cornucopia #appsec #threatmodeling #threat-modeling
Reposted by Uncle Joe
The State Of Threat Modeling Survey (#SOTM) 2025-2026 from Threat Modeling Connect has been sent out (see: threatmodelingconnect.com/state-of-threat-modeling-2025-2026). Find out how your organization is doing regarding threat modeling!

#threatmodeling #security #infosec #appsec
November 19, 2025 at 3:07 PM
Reposted by Uncle Joe
Approach security awareness from the perspective of a 9-year-old. How would your kids teach their moms and dads what not to do?
November 20, 2025 at 11:22 AM
Holy shit! This is the third time this year my kids are able to crack the iPad PIN for giving themselves screen time. I could have sworn nobody was shoulder surfing me. All these passcodes are turning our kids into social engineers! 👨‍💻🧑‍💻
November 20, 2025 at 7:50 AM
Reposted by Uncle Joe
Exciting opportunity alert! 🌟 Want to speak at the #OWASP Global #AppSec EU 2026 Conference in Vienna? The Call for Presentations is now open! Share your expertise in our diverse tracks. Submit your proposal today! Link: sessionize.com/owasp...

#devsecops #SDLC #threatmodeling #AI
OWASP Global AppSec EU 2026 - CFP (Vienna, Austria) : Call for Speakers
OWASP Global Conferences are a must attend event by all cybersecurity professionals.  Join the team and become a speaker at this well sought after eve...
sessionize.com
November 17, 2025 at 10:36 PM
Reposted by Uncle Joe
Trainers and speakers, exciting opportunities await! 🌟

🔍 Become a trainer at OWASP Global AppSec EU 2026: sessionize.com/owasp...

🌟 Dream of speaking at Global AppSec EU 2026: sessionize.com/owasp...

🎤 Showcase your expertise at the Virtual 25th Anniversary Conference:
OWASP Global AppSec EU (Vienna) 2026 - CFT : Call for Sessions
OWASP Global AppSec Training Days are known for their top notch trainers and in-depth course material.  The OWASP Foundation would like to invite you ...
sessionize.com
November 18, 2025 at 8:02 PM
Reposted by Uncle Joe
Are you the next card game designer for OWASP Cornucopia Website Edition v3.0?
Then get in touch with us for fame and glory!

Read more at:
dev.to/owasp/owasp-...
OWASP Cornucopia 3.0 - A call for card game designers!
Would you like to be our card game designer for the OWASP Cornucopia Website Edition...
dev.to
November 13, 2025 at 12:28 PM
Reposted by Uncle Joe
Don’t apologize for designing before coding, it’s called “thinking”.
October 29, 2025 at 7:06 AM
Reposted by Uncle Joe
there should be some kind of digital death penalty where you're banned from using the computer for life if you're caught selling "phishing for dummies" SaaS

www.theverge.com/news/818554/...
November 12, 2025 at 4:24 PM
Reposted by Uncle Joe
What if security wasn’t a firefight?

Facebook’s “Privacy Waves” program bakes privacy work into a monthly rhythm — predictable, repeatable, scalable.

Maybe the real AppSec unlock isn’t more tech.
It’s cadence.

Make security routine, not reactive.

is.gd/g073ju
Shostack + Friends Blog > Secure By Design roundup - October 2025
Phil Venables is releasing a masterclass; new guidance from SAFECode, a new paper from JPMorganChase on their tools, how Facebook uses “waves”, a new AI shared responsibility model and more!
is.gd
November 12, 2025 at 3:26 PM
On inauguration day, Trump received greetings from leaders around the world. From Putin, Trump received a Fabergé egg made of gold, diamonds and rubies...
and inside, a USB stick.
He put the USB stick in his computer, which started a funny video greeting from Putin with two topless women, which Trump enjoyed very much.
Later that day, the computer stopped working, so Trump rebooted and discovered his computer had been encrypted with ransomware...

(2/7)
November 12, 2025 at 11:06 PM
Reposted by Uncle Joe
January 20, 2025 at 6:00 PM
Reposted by Uncle Joe
happy epstein thermonuclear launch day to all who celebrate
November 12, 2025 at 6:01 PM
Reposted by Uncle Joe
Hey #bsky!

Please note that neither

NIST: pages.nist.gov/800-63-FAQ/#...

or…

OWASP ASVS: github.com/OWASP/ASVS/b...

recommend the use of email as #2FA

#appsec #security #mfa
November 11, 2025 at 4:33 PM
Reposted by Uncle Joe
The other day my brother called me while on the job driving my stepfather’s cab. “Bro, do you know what your IQ is?” “No, I never bothered to check?!” “Well, do it! I’ll send you a link. I scored a 175 on an IQ test with just answering some simple questions:

(1/2)
January 13, 2025 at 11:02 PM
Reposted by Uncle Joe
To all you AppSec people that are creating your own secure coding guide. Remember that there is this org called OWASP that might have this already. devguide.owasp.org/en/04-design/

It may not contain what you would like it to contain, but that is why it’s open source. Contributions are welcome!
Overview - OWASP Developer Guide
OWASP Foundation Developer Guide project
devguide.owasp.org
November 9, 2025 at 1:08 PM
Reposted by Uncle Joe
Did you know that according to ISO 27001, 8.28 Secure coding, pair programming, refactoring, and test-driven development are considered to be secure coding practices?
Next time someone asks, shh, just let it happen!
November 7, 2025 at 8:25 AM
The local Sri Lankan babysitter is cashing in on far-right sentiment in the UK using AI and deepfakes for clickbaiting. Can’t blame them for trying to earn the extra bucks, but what about the consequences for democracy?
Is democracy for sale on social media?
Should AI and social media play such a role?
November 8, 2025 at 11:08 AM
AI will be one of the biggest challenges yet to democracy around the world. Fascism just got an incredible tool added to their toolbox.
November 8, 2025 at 10:40 AM
OWASP Top 10 2025 is going live now at owasp.org/Top10/

New is:

A03:2025 Software Supply Chain Failures

and…

A10:2025 Mishandling of Exceptional Conditions

The last one is based on assessments done with OWASP SAMM core team members. I can take no credit here whatsoever. Congratulations!
November 6, 2025 at 7:02 PM