Uncle Joe
@sydseter.com
23K followers 18K following 800 posts
Co-leader OWASP Cornucopia. If you like what we do for open source, visit our code repository https://github.com/OWASP/cornucopia and give us a star ⭐ 🌈 «Difference is of the essence of humanity» 🦄 – John Hume #appsec #owasp #cornucopia #threatmodeling
Pinned
sydseter.com
If you want others to do threat modeling for you, then please, for the love of god, at least, make it a bit fun!
copi.owasp.org
cornucopia.owasp.org
#owasp #cornucopia #appsec #threatmodeling #threat-modeling
sydseter.com
We are always looking for volunteer contributors. Get in touch if you can program Typescript, Python or Elixir!
Get that CV of yours fit for employment!
sydseter.com
The great thing about contributing to OWASP Cornucopia is that you can immortalize yourself. So though I can’t escape this mortal world, I will survive as a threat actor in
@threatdragon.bsky.social and hopefully end up as a bug in your issue tracking system where I will haunt your waking hours.
Reposted by Uncle Joe
sydseter.com
Whenever a DM talks about replacing developers with AI, remember that it’s not a novel idea and that you have probably heard it before, told slightly differently.
sydseter.com
We are always looking for volunteer contributors. Get in touch if you can program Typescript, Python or Elixir and get that CV of yours fit for employment!
sydseter.com
We just had our 5th minor release in one year. Just wait for what comes next. This is what we have done over the last 13 months. If you like what we do for open source, visit our code repository github.com/OWASP/cornuc... and give us a star ⭐️

1.22.0: 
Translated decks in Spanish, French, Dutch, Portuguese (pt-br), Norwegian
Support for multi-editions, leaflets, guides and languages
Build and release pipeline for physical prints
2.0.0: 
Released OWASP Cornucopia Mobile App Edition 1.0
Released OWASP Cornucopia Website App Edition 2.0
Updated ASVS mapping from version 3.0 to 4.0.3
New Case design
New Logo 
2.1.0: 
New website released https://cornucopia.owasp.org with card taxonomy
QR codes on each card that take you to the new website
New translations in Italian and Portuguese (pt-pt), Russian
2.2.0: 
Released https://copi.owasp.org
2.3.0: 
Released Elevation of MLSec at https://copi.owasp.org
2.4.0: 
Released OWASP Cumulus at https://copi.owasp.org
Reposted by Uncle Joe
owasp.org
📢 Exciting news! The Call for Trainers for our 2026 Global AppSec EU is now live! Got valuable content to share? Don't miss this opportunity to contribute to our community. Submit your proposal today at:
OWASP Global AppSec EU (Vienna) 2026 - CFT : Call for Sessions
OWASP Global AppSec Training Days are known for their top notch trainers and in-depth course material. The OWASP Foundation would like to invite you ...
sessionize.com
Reposted by Uncle Joe
owasp.org
Calling all devs, hackers, and AppSec humans!
OWASP Contributor Fair = your chance to connect with OWASP projects + start contributing IRL. Register Project here: form.jotform.com/252...
Reposted by Uncle Joe
sydseter.com
How do you get your dev team to shift left for real?

Shift-left doesn't start with scanning code for vulnerabilities; it begins with designing it.

Play yourself secure with OWASP Cornucopia Website Edition v2.2!

dev.to/owasp/how-do-you-get-your-dev-team-to-shift-left-by-themselves-for-real-3eap
How do you get your dev team to shift left by themselves for real?
Shift-left doesn't start with scanning the code for security vulnerabilities; it begins with...
dev.to
sydseter.com
Thanks to @jefmeijvis.com and dotNET lab for providing the latest material for the website, and to Jon Gadsden for helping out with the cross-references to the OWASP Developer Guide: devguide.owasp.org/en/04-design/02-web-app-checklist/

#security #appsec #shiftleft #owasp #cornucopia
Overview - OWASP Developer Guide
OWASP Foundation Developer Guide project
devguide.owasp.org
Reposted by Uncle Joe
owasp.org
Calling all AppSec pros, devs & security leaders! The OWASP Top 10 2025 is in the works & your input matters. Survey closes Oct 3 - don’t wait! forms.gle/jL3r5Xgg1H...
sydseter.com
Because migration is so much pain they have no other choice.
sydseter.com
They wouldn’t be able to do much else.
sydseter.com
Now I understand why Solarwinds don’t have a Bug Bounty program.
sydseter.com
Solarwinds are trying to patch a critical vulnerability that was introduced by a patch that had a critical vulnerability that patched another critical vulnerability that came from a patch that had a critical vulnerability meant to patch a critical vulnerability.

www.securityweek.com/solarwinds-m...
SolarWinds Makes Third Attempt at Patching Exploited Vulnerability
SolarWinds announced a hotfix for RCE vulnerability in Web Help Desk, and this is the third time it attempts to address the issue.
www.securityweek.com
sydseter.com
You can’t make this up.
sydseter.com
I may have lost track of it somewhere there.
Reposted by Uncle Joe
shehackspurple.bsky.social
I'm giving a 1-Day paid, live Training at OWASP Global AppSec in Washington DC, November 5th, 2025: API Security: Hands-On Secure API Design & Hardening

Learn more here! https://twp.ai/9PUYF0

#OWASP #OWASPGLOBALAPPSEC
Reposted by Uncle Joe
sydseter.com
The quality was horrible, I used 3 days to get it all done, I had to hide from my boss the fact that I was laying off work to do it, and when I was done, people were cutting themselves on the razor sharp card edges. Without you, we would still be sitting there with our scissors and laminate machines.
sydseter.com
Thank you Simon Gibbs and Devika Gibbs for bringing games to cyber security.

When I started OWASP Cornucopia I couldn’t find the physical cards and had to print them out on an HP Instant Ink printer, cut each out, laminate the 82 cards and cut them out again.

m.youtube.com/watch?v=ByTI...
Simon Gibbs & Devika Gibbs -- Building Bridges with Games
YouTube video by The Application Security Podcast
m.youtube.com