Uncle Joe
@sydseter.com
Co-leader OWASP Cornucopia. If you like what we do for open source, visit our code repository https://github.com/OWASP/cornucopia and give us a star ⭐
🌈 «Difference is of the essence of humanity» 🦄 – John Hume
#appsec #owasp #cornucopia #threatmodeling
🌈 «Difference is of the essence of humanity» 🦄 – John Hume
#appsec #owasp #cornucopia #threatmodeling
Pinned
Uncle Joe
@sydseter.com
· Nov 25
If you want others to do threat modeling for you, then please, for the love of god, at least, make it a bit fun!
copi.owasp.org
cornucopia.owasp.org
#owasp #cornucopia #appsec #threatmodeling #threat-modeling
copi.owasp.org
cornucopia.owasp.org
#owasp #cornucopia #appsec #threatmodeling #threat-modeling
Hear, hear!
Everyone should be submitting this to Apple and Google.
I recommend submitting a complaint.
January 7, 2026 at 7:06 PM
Hear, hear!
Reposted by Uncle Joe
✨ Happy New Year! ✨
A new year begins, and a special celebration awaits. Join us in 2026 as we mark our 25th Anniversary together 🎉
#appsec #newyear #owasp #25thanniversary #cybersecurity #community
A new year begins, and a special celebration awaits. Join us in 2026 as we mark our 25th Anniversary together 🎉
#appsec #newyear #owasp #25thanniversary #cybersecurity #community
January 1, 2026 at 1:09 PM
✨ Happy New Year! ✨
A new year begins, and a special celebration awaits. Join us in 2026 as we mark our 25th Anniversary together 🎉
#appsec #newyear #owasp #25thanniversary #cybersecurity #community
A new year begins, and a special celebration awaits. Join us in 2026 as we mark our 25th Anniversary together 🎉
#appsec #newyear #owasp #25thanniversary #cybersecurity #community
Reposted by Uncle Joe
🎉 New year, new AppSec goals! Early Bird tickets for OWASP Global AppSec Vienna 2026 are live
owasp.glueup.com/eve...
25 years of OWASP 🇦🇹 Training + Conference + hands-on learning 🚀 Don’t miss out! 🔐
#appsec #owasp #cybersecurity #earlybird #conference #training
owasp.glueup.com/eve...
25 years of OWASP 🇦🇹 Training + Conference + hands-on learning 🚀 Don’t miss out! 🔐
#appsec #owasp #cybersecurity #earlybird #conference #training
January 2, 2026 at 3:51 PM
🎉 New year, new AppSec goals! Early Bird tickets for OWASP Global AppSec Vienna 2026 are live
owasp.glueup.com/eve...
25 years of OWASP 🇦🇹 Training + Conference + hands-on learning 🚀 Don’t miss out! 🔐
#appsec #owasp #cybersecurity #earlybird #conference #training
owasp.glueup.com/eve...
25 years of OWASP 🇦🇹 Training + Conference + hands-on learning 🚀 Don’t miss out! 🔐
#appsec #owasp #cybersecurity #earlybird #conference #training
Never thought I’d find Foster’s lager in a rural village in northern Spain. It’s a real odity as Mahou and Estrella Galicia is usually all you find. I am well aware that it’s not really Australian, but still.If you ever think about going to Spain I recommend my second home Asturias, the celtic Spain
December 30, 2025 at 4:09 PM
Never thought I’d find Foster’s lager in a rural village in northern Spain. It’s a real odity as Mahou and Estrella Galicia is usually all you find. I am well aware that it’s not really Australian, but still.If you ever think about going to Spain I recommend my second home Asturias, the celtic Spain
It has become obvious clear to me that large part of world are either trying too hard to follow the example of Sir Nevile Henderson with regards to Ukraine or are too occupied with what they themselves can get out of it to care about the common good. It does not bode well unless we grow a spine.
December 27, 2025 at 2:39 PM
It has become obvious clear to me that large part of world are either trying too hard to follow the example of Sir Nevile Henderson with regards to Ukraine or are too occupied with what they themselves can get out of it to care about the common good. It does not bode well unless we grow a spine.
“The Trump administration will no longer tolerate these egregious acts of extraterritorial censorship.”
So that censorship and hate can continue unabated.
www.theguardian.com/technology/2...
So that censorship and hate can continue unabated.
www.theguardian.com/technology/2...
European leaders condemn US visa bans as row over ‘censorship’ escalates
Washington accused of ‘coercion and intimidation’ after five leading figures behind digital safety law campaign targeted
www.theguardian.com
December 25, 2025 at 7:24 AM
“The Trump administration will no longer tolerate these egregious acts of extraterritorial censorship.”
So that censorship and hate can continue unabated.
www.theguardian.com/technology/2...
So that censorship and hate can continue unabated.
www.theguardian.com/technology/2...
And so we are gathered here today in memory of a life not well lived that lasted no shorter than what was expected. Together with all the grieving relatives, relieved that management pulled the plug after AI made it to expensive.
December 24, 2025 at 8:57 AM
And so we are gathered here today in memory of a life not well lived that lasted no shorter than what was expected. Together with all the grieving relatives, relieved that management pulled the plug after AI made it to expensive.
This is a typical example of how the use of autonomous cars have been premature. AI is great at pattern recognition, but when something unplanned happens the only safe course of action is shutting down. No human means full stop. Any critical system that work less than 99,99% of the time is flawed.
PG&E is having a massive outage in San Francisco. Waymo robots aren't handling the traffic light outages well. Cell service is also out is some places.
No surprise as Waymo robots & cell have repeatedly failed during power outages.
CPUC regulates both Waymo and PG&E (Profit Greed & Explosions).
No surprise as Waymo robots & cell have repeatedly failed during power outages.
CPUC regulates both Waymo and PG&E (Profit Greed & Explosions).
December 21, 2025 at 6:03 PM
This is a typical example of how the use of autonomous cars have been premature. AI is great at pattern recognition, but when something unplanned happens the only safe course of action is shutting down. No human means full stop. Any critical system that work less than 99,99% of the time is flawed.
AI is not taking over the world anytime soon.
California judge rules that Tesla engaged in deceptive marketing around Autopilot www.cnbc.com/2025/12/16/c...
“.. Tesla Robotaxis are crashing once every 40,000 miles, whereas the average human driver in the US crashes about once every 500,000 miles.” sherwood.news/tech/teslas-...
“.. Tesla Robotaxis are crashing once every 40,000 miles, whereas the average human driver in the US crashes about once every 500,000 miles.” sherwood.news/tech/teslas-...
California judge rules that Tesla engaged in deceptive marketing around Autopilot
An administrative law judge in California ruled Tesla's license to sell or manufacture cars in the state should be suspended for 30 days.
www.cnbc.com
December 17, 2025 at 7:50 PM
AI is not taking over the world anytime soon.
Reposted by Uncle Joe
Thoughts and prayers to all you anti-gay conservative Christian men, like Mike Johnson and Lindsey Graham.
December 16, 2025 at 9:59 PM
Thoughts and prayers to all you anti-gay conservative Christian men, like Mike Johnson and Lindsey Graham.
It’s vital that we support open source software. Without it, our ability to respond to challenges and manage our lives will diminish, so will our ability to survive. Even the multi trillion dollar software industry is born on the backs of free- and open source kode.
After taking over housing and healthcare, private equity is now buying up software used by volunteer fire departments — making it even harder for rural communities to respond to emergencies.
The only winners from private equity's price-gouging spree are wealthy investors.
The only winners from private equity's price-gouging spree are wealthy investors.
Private Equity Finds a New Source of Profit: Volunteer Fire Departments
www.nytimes.com
December 15, 2025 at 7:50 PM
It’s vital that we support open source software. Without it, our ability to respond to challenges and manage our lives will diminish, so will our ability to survive. Even the multi trillion dollar software industry is born on the backs of free- and open source kode.
Reposted by Uncle Joe
I will be speaking at OWASP Leiria Meetup December 18th, come join us online for free! Corey .J Ball will also be there, and I will be discussing "Minimal Viable AppSec", how to build a program on a budget. Let's go! #owasp #appsec
https://twp.ai/9PXxkf
https://twp.ai/9PXxkf
December 14, 2025 at 3:07 AM
I will be speaking at OWASP Leiria Meetup December 18th, come join us online for free! Corey .J Ball will also be there, and I will be discussing "Minimal Viable AppSec", how to build a program on a budget. Let's go! #owasp #appsec
https://twp.ai/9PXxkf
https://twp.ai/9PXxkf
Reposted by Uncle Joe
💡 Very interesting article about output escaping in an API context:
#appsec #appsecurity #api
treblle.com/blog/api-esc...
#appsec #appsecurity #api
treblle.com/blog/api-esc...
It’s an API, do I really need to escape anything? - Treblle
Escaping output is often overlooked in APIs, but it’s crucial for preventing security vulnerabilities like XSS attacks. Even when returning JSON, unsafe characters can lead to risks if not properly es...
treblle.com
December 14, 2025 at 7:51 AM
💡 Very interesting article about output escaping in an API context:
#appsec #appsecurity #api
treblle.com/blog/api-esc...
#appsec #appsecurity #api
treblle.com/blog/api-esc...
Last time I voted — I voted on what my son told me to vote for. He’s 11. Next time, I’ll make sure to include my second son as well. Whatever they decide, I’ll go for it. Kids need to learn the importance of democracy. It’s essential for protecting our rights and liberties.
December 11, 2025 at 8:07 AM
Last time I voted — I voted on what my son told me to vote for. He’s 11. Next time, I’ll make sure to include my second son as well. Whatever they decide, I’ll go for it. Kids need to learn the importance of democracy. It’s essential for protecting our rights and liberties.
When ever I think about how we are empowering #AI agents to do the the shopping for us it reminds me of this incredible mind reader from Belgium that wasn’t so incredibly after all. #Online #fraudsters just got a super weapon.
youtu.be/F7pYHN9iC9I
youtu.be/F7pYHN9iC9I
Amazing mind reader reveals his 'gift'
YouTube video by Duval Guillaume
youtu.be
December 10, 2025 at 11:25 AM
When ever I think about how we are empowering #AI agents to do the the shopping for us it reminds me of this incredible mind reader from Belgium that wasn’t so incredibly after all. #Online #fraudsters just got a super weapon.
youtu.be/F7pYHN9iC9I
youtu.be/F7pYHN9iC9I
Racism and bigotry asides. The thought of going scares the life shit out of me and the rest of the family.
TRUMP: “I said why is it we only take people from shithole countries? Why can't we have some people from Norway, Sweden, Denmark… But we always take people from Somalia— places that are filthy, dirty, disgusting.”
Such a mystery what he means when he says this stuff, isn’t it?
Such a mystery what he means when he says this stuff, isn’t it?
December 10, 2025 at 6:44 AM
Racism and bigotry asides. The thought of going scares the life shit out of me and the rest of the family.
Reposted by Uncle Joe
🔥 London OWASP Training Days Trainer Spotlight!🔥
We’re thrilled to feature @GrantOngers, who’ll be delivering a 1-Day Training: API Basics for Security Engineers & API Security for Everyone. Ready to level up your API security skills? Don’t miss this one.
See full details: owasp.glueup.com/eve...
We’re thrilled to feature @GrantOngers, who’ll be delivering a 1-Day Training: API Basics for Security Engineers & API Security for Everyone. Ready to level up your API security skills? Don’t miss this one.
See full details: owasp.glueup.com/eve...
December 5, 2025 at 1:01 PM
🔥 London OWASP Training Days Trainer Spotlight!🔥
We’re thrilled to feature @GrantOngers, who’ll be delivering a 1-Day Training: API Basics for Security Engineers & API Security for Everyone. Ready to level up your API security skills? Don’t miss this one.
See full details: owasp.glueup.com/eve...
We’re thrilled to feature @GrantOngers, who’ll be delivering a 1-Day Training: API Basics for Security Engineers & API Security for Everyone. Ready to level up your API security skills? Don’t miss this one.
See full details: owasp.glueup.com/eve...
Reposted by Uncle Joe
🎤 So You Want to be an OWASP Speaker?
OWASP is turning 25! 🎉 Join our FREE session to get tips, build confidence, and learn how to become a standout speaker. Whether you're new or experienced, we’ll help you shine on stage.
👉 owasp.glueup.com/eve...
#appsec #cybersecurity #devsecops #upskill
OWASP is turning 25! 🎉 Join our FREE session to get tips, build confidence, and learn how to become a standout speaker. Whether you're new or experienced, we’ll help you shine on stage.
👉 owasp.glueup.com/eve...
#appsec #cybersecurity #devsecops #upskill
December 8, 2025 at 4:41 PM
🎤 So You Want to be an OWASP Speaker?
OWASP is turning 25! 🎉 Join our FREE session to get tips, build confidence, and learn how to become a standout speaker. Whether you're new or experienced, we’ll help you shine on stage.
👉 owasp.glueup.com/eve...
#appsec #cybersecurity #devsecops #upskill
OWASP is turning 25! 🎉 Join our FREE session to get tips, build confidence, and learn how to become a standout speaker. Whether you're new or experienced, we’ll help you shine on stage.
👉 owasp.glueup.com/eve...
#appsec #cybersecurity #devsecops #upskill
I have a better idea. What if we just abolished the use of X in Europe? Again, just an idea. I am simply spitballing here.
The calls from America this weekend to "abolish the EU" are for one simple reason: the EU is the only thing that can keep European nation-states from becoming Russian or American vassals.
The US has declared rhetorical war on the EU
The calls from America this weekend to destroy the EU are revealing. They hate the union because it's the only thing that can keep European countries from being Russian or American vassals.
davekeating.substack.com
December 8, 2025 at 9:55 AM
I have a better idea. What if we just abolished the use of X in Europe? Again, just an idea. I am simply spitballing here.
Reposted by Uncle Joe
The call for papers for NDC Security ends tomorrow. Come do your talk in Oslo: ndcsecurity.com/call-for-pap...
December 6, 2025 at 9:27 PM
The call for papers for NDC Security ends tomorrow. Come do your talk in Oslo: ndcsecurity.com/call-for-pap...
Reposted by Uncle Joe
The only thing worse is to give someone executive power to change the rules during the game. When combined you’re doomed to loose.
Never grant anyone unlimited jail free cards in Monopoly. Sooner or later it’s bound to end very badly.
December 4, 2025 at 7:47 PM
The only thing worse is to give someone executive power to change the rules during the game. When combined you’re doomed to loose.
Reposted by Uncle Joe
Never grant anyone unlimited jail free cards in Monopoly. Sooner or later it’s bound to end very badly.
December 4, 2025 at 7:40 PM
Never grant anyone unlimited jail free cards in Monopoly. Sooner or later it’s bound to end very badly.
The only thing worse is to give someone executive power to change the rules during the game. When combined you’re doomed to loose.
Never grant anyone unlimited jail free cards in Monopoly. Sooner or later it’s bound to end very badly.
December 4, 2025 at 7:47 PM
The only thing worse is to give someone executive power to change the rules during the game. When combined you’re doomed to loose.
Never grant anyone unlimited jail free cards in Monopoly. Sooner or later it’s bound to end very badly.
December 4, 2025 at 7:40 PM
Never grant anyone unlimited jail free cards in Monopoly. Sooner or later it’s bound to end very badly.
Tools doesn’t help, what does? The best remedy is to establish a long-term relationship with an external penetration tester and test every software release. It’s the best shift-left strategy you can go for, to shift more, continous threat modeling, test-driven peer programming is the way to go.
Most shift-left strategies fail because they rely on automation. Automation is not a silver bullet. I recently went through all our SAST and SCA findings for last year, all 2500 of them. We use two very popular SAST tools. One of them also does SCA. We only had 11 that not were false-positives.(1/4)
December 3, 2025 at 9:53 AM
Tools doesn’t help, what does? The best remedy is to establish a long-term relationship with an external penetration tester and test every software release. It’s the best shift-left strategy you can go for, to shift more, continous threat modeling, test-driven peer programming is the way to go.