Missed one of my past conference talks? Let’s fix that.
I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.
“Building Security Champions”
https://twp.ai/4ioVSb
Missed one of my past conference talks? Let’s fix that.
I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.
“Top Ten Security Tips for APIs” https://twp.ai/4ioX6N
Join renowned expert Adam Shostack for a 3-day Threat Modeling Intensive, Nov 3–5, at OWASP Global AppSec USA 2025.
You’ll sharpen core threat modeling skills, then dive into how AI can support (and sometimes confuse) the process. Learn to evaluate what AI tools get right—and wrong—and how to integrate them responsibly into your security workflows.
Ready, set, go! Register now to get your package for the Open Security Conference 2025. 
When? October 2-5
Where? Close to Frankfurt am Main, Germany
Why? It's a one of a kind conference!
Open space, from the community for the community, including everyone interested in cybersecurity. What we value: https://opensecurityconference.org/about/values/
Register now: https://opensecurityconference.org/conference/registration
#osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]
Missed one of my past conference talks? Let’s fix that.
I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.
“Shifting Security Everywhere” - Not just LEFT anymore! https://twp.ai/4ioasq
Join Robert Hurlbut for AI Whiteboard Hacking, a 2-day hands-on threat modeling training, happening Nov 4–5 at OWASP Global AppSec USA 2025.
Register: https://owasp.glueup.com/event/131624/register/
Explore real-world AI threats like prompt injection and data poisoning and learn how to design secure AI systems using the proven DICE methodology.
Liebe #AppSec Community!
(English below)
Wir *) haben nun offiziell den Call for Presentations des German #OWASP2025 Days 2025 eröffnet und freuen uns auf eine spannende Konferenz!
Der GOD, so wie der traditionell heißt, wird dieses Jahr am 26.11. in Düsseldorf stattfinden, mit Trainings am Vortrag und dem üblichen Networking-Event am Vorabend.
Wir wollen an die letztjährige Konferenz in Leipzig, die tollen Zuspruch bekommen hat, anknüpfen und suchen dich als Sprecherin oder Sprecher. Falls du ein spannendes Thema hast, was du dort vorstellen möchtest, würden wir uns freuen, wenn du dem Programmkomitee deine Idee unterbreiten würdest. Den CfP findest du unter https://god.owasp.de/2025/cfp . Wir haben Slots mit 20 und 40 Minuten Präsentationszeit.
Falls du Bekannte oder Kolleginnen/Kollegen kennst, die vielleicht gerne ihr Thema in Düsseldorf vorstellen wollen, leite dies gerne weiter.
-----
We've *) just opened the Call for Presentations for the German OWASP Day 2025 and looking much forward to an exciting conference, again.
This year's conference, nicknamed GOD traditionally, will take place on November 26 in Düsseldorf with training sessions the day before and the usual networking event the evening before.
We want to build on last year's conference in Leipzig, which was very well received, and thus are looking for you as a speaker. If you have an exciting topic that you would like to present in Düsseldorf, we would be delighted if you would submit your idea to the program committee. You can find the CfP at https://god.owasp.de/2025/en/cfp.html . We have slots with 20 and 40 minutes presentation time.
If you have friends or colleagues who might be interested presenting their topic, please pass this on.
*) "Wir" bedeutet wie jedes Jahr ein Team von Leuten, die dies ehrenamtlich mit viel Einsatz auf die Beine stellen.
As every year "we" is a team of volunteers who put this together with a great deal of commitment.
5,000 subscribers for my monthly newsletter, wow! Thank you, all of you, for learning about #securecoding and #appsec with me! 
The newsletter has come a long way since 2018!
Join free, here: https://twp.ai/4io3cd
#applicationsecurity
Missed one of my past conference talks? Let’s fix that.
I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.
“Secret Hunting” - Finding secrets code! #notgood https://twp.ai/4ioboP
After compromising every endpoint within an organization, our “Caught in the FortiNet” blog series comes to an end with one more thing.
Read more about FortiClient's XPC mistake that allows local privilege escalation to root on macOS:
Missed one of my past conference talks? Let’s fix that.
I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.
“DevSecOps Worst Practices” https://twp.ai/4ioMmQ
Do you want your brand at the forefront of application security?
Exhibitor and sponsorship spots for OWASP Global AppSec USA 2025 in Washington, D.C. are filling up fast. Don’t miss your chance to connect directly with 800+ AppSec experts, developers, and industry leaders.
Interested in standing out? Ask about our Diamond Expo Package!
Learn more: https://owasp.wufoo.com/forms/zef12s814ryx8d/
Missed one of my past conference talks? Let’s fix that.
I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.
“Adding SAST to CI/CD, Without Losing Any Friends” https://twp.ai/4ioPde
Exciting news! 
I’ve published my slides for “Security Champions Worst Practices” from my talk at #OWASP Global #AppSec in Barcelona! You can grab the PDF, watch a recording, and see fun photos on my blog. #owaspglobalappsec #securitychampions
Virtual-friendly Packages available Built for developers + security pros Fun, funny, and full of practical, actionable advice
DM or email me for deets! Tanya [AT] shehackspurple [DOT] ca
#CyberSecurityAwarenessMonth #SecurityAwarenessMonth #SecureCoding #appsec
3/3
With 25+ presentations to choose from, I cover everything from #securecoding and #threatmodeling to AI risks and #AppSec—always with humor, clarity, and actionable takeaways.
These aren’t just talks—they’re lessons your team will remember.
2/3
Missed one of my past conference talks? Let’s fix that.
I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.
"Maturing Your Application Security Program" https://twp.ai/4ioSXE
Missed one of my past conference talks? Let’s fix that.
I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.
"Using Artificial Intelligence, Safely" https://twp.ai/4ioTmJ
Join Kim Wyuts and Avi Douglen on November 5 at OWASP Global AppSec USA 2025 for a powerful 1-day, hands-on training that goes beyond policies and into real privacy engineering.
Register now! https://owasp.glueup.com/event/131624/register/
You'll learn how to:
Map and analyze data flows
Spot and mitigate privacy threats with LINDDUN
Tackle privacy risks amplified by AI systems
REGISTER: 
