My appsec roundup for August is out
https://shostack.org/blog/appsec-roundup-august-2024/
Brett Crawley released Threat Modeling Gameplay with EoP: A reference manual for spotting threats in software architecture, published by Packt, a full book on the game. Awesome! (I was honored to write the Foreword.)
In a blog post at Forbes, Zak Doffman discusses a New Warning As ‘Spike’ In GPS Spoofing Attacks Hit Passenger Planes, citing a rise from 200 daily incidents to 900 in Q2, 2024. It’s really nice to see quantified rates, and this echos a theme, that the threat to GPS location is growing.
Chris Martorella of Miro has released a template, Threat Modeling - STRIDE on their platform.
The Australian government led a coalition who released Best Practices for Event Logging and Threat Detection. It’s probably useful for reviewing operational logging practice, despite a focus on APTs (to the exclusion of ransomware or other attackers), and a confusion about the relationship of “baseline” to “best.”
Adam Shostack :donor: :rebelverified: /
npub1s7…grcqn
2024-09-03 17:20:14
Author Public Key
npub1s7cghayd6cuu7tnvxw6xlxq5ddz0grs956tzwsqj59v5vvucgd7sdgrcqnSeen on
wss://relay.noswhere.comPublished at
2024-09-03 17:20:14Event JSON
{
"id": "c541561315bc36fa9544921cee2f99e1e34bc36a24be6e56c69eb7e2c23499fd",
"pubkey": "87b08bf48dd639cf2e6c33b46f98146b44f40e05a696274012a159463398437d",
"created_at": 1725376814,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/@adamshostack/113074294931245154",
"web"
],
[
"proxy",
"https://infosec.exchange/users/adamshostack/statuses/113074294931245154",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/adamshostack/statuses/113074294931245154",
"pink.momostr"
],
[
"-"
]
],
"content": "My appsec roundup for August is out\n\nhttps://shostack.org/blog/appsec-roundup-august-2024/\n\nBrett Crawley released Threat Modeling Gameplay with EoP: A reference manual for spotting threats in software architecture, published by Packt, a full book on the game. Awesome! (I was honored to write the Foreword.)\n In a blog post at Forbes, Zak Doffman discusses a New Warning As ‘Spike’ In GPS Spoofing Attacks Hit Passenger Planes, citing a rise from 200 daily incidents to 900 in Q2, 2024. It’s really nice to see quantified rates, and this echos a theme, that the threat to GPS location is growing.\n Chris Martorella of Miro has released a template, Threat Modeling - STRIDE on their platform.\n The Australian government led a coalition who released Best Practices for Event Logging and Threat Detection. It’s probably useful for reviewing operational logging practice, despite a focus on APTs (to the exclusion of ransomware or other attackers), and a confusion about the relationship of “baseline” to “best.”",
"sig": "96317cc363f0f46a7873d08de5003efa3571fa7700ca613bb829ac7d67172d778383ac6ccb8ed04ebb103915c9634e92d5ed069561f591d2658cc7c24e926d60"
}