5,000 subscribers for my monthly newsletter, wow! Thank you, all of you, for learning about #securecoding and #appsec with me! The newsletter has come a long way since 2018!
Join free, here: https://twp.ai/4io8XN
#applicationsecurity
Get ready to connect with 800+ security professionals at the OWASP Global AppSec US Conference, the largest OWASP event in the U.S.
5,000 subscribers for my monthly newsletter, wow! Thank you, all of you, for learning about #securecoding and #appsec with me! The newsletter has come a long way since 2018!
Join free, here: https://twp.ai/4io3cd
#applicationsecurity
Exhibitor & Sponsorship Opportunities are now open for OWASP Global AppSec USA 2025 in Washington, D.C.!
Looking to make the biggest impact?
Our Diamond Expo Package offers premier visibility, prime booth placement, and exclusive access to OWASP’s highly engaged, global AppSec audience.
Get Ready for OWASP Global AppSec USA 2025!
This event is built for everyone in the CyberSec community. Whether you want to expand your skills or discover new solutions, this is the event for you.
Register now: https://owasp.glueup.com/event/131624/register/
Time’s running out!
Final chance to register for OWASP Global AppSec EU 2025 in Barcelona!
Get ready for an incredible week of innovation, collaboration, and the latest in application security.
Expert-led sessions
Hands-on trainings
Global networking opportunities
May 27–31, 2025
Barcelona, Spain
Secure your spot today: https://owasp.glueup.com/event/123983/register/
Meet the Keynote Speakers for OWASP Global AppSec EU 2025 in Barcelona!
Join us May 26-30, 2025, for an incredible lineup of speakers, including two industry leaders shaping the future of cybersecurity.
Dr. Kate Labunets – Assistant Professor, Utrecht University
Sarah-Jane Madden – Director of Cyber Defense, Fortive
I'm troubled by how many friends and colleagues in #ProductSecurity and related spaces have shared how little our industry's entry-level and mid-level entry processes emphasize security basics. From people being thrown into vuln management with missing information about what CVSS is and how to use it, to #ApplicationSecurity hires that aren't being given a path to learn about how software is developed and deployed.
Thank you so much, @code_armor! Super excited to have you onboard as a Silver exhibitor at #OWASP Global AppSec EU Barcelona! Check out more details here: https://barcelona.globalappsec.org #developer #cybersecurity #barcelona #applicationsecurity #appsec #supportnonprofit
Speaker Spotlight: Meet @aruneeshsalhotra at the OWASP Security Summit, where he'll be sharing critical insights on #DevSecOps #PromptEngineering and #AppSec
Whether you're a developer, CISO, or tech leader, this is your chance to learn actionable strategies from the best in the game.
Save the date! Your app security IQ is about to level up. https://www.developerweek.com/conference/owasp-security-summit/
During my Christmas vacation, I found the time to write a new #blog. This time it is about how to configure #keycloak to make it more secure (in an attempt to keep up appearances that this is indeed a tech account, lol).
I'd appreciate any and all feedback. Enjoy!
https://linuslagerhjelm.se/posts/technology/securing-keycloak/
Join #ApplicationSecurity experts @SheHacksPurple ("Alice and Bob Learn Application Security"), @adamshostack ("Threat Modeling: Designing for Security"), and @izar_tarandach ("Threat Modeling") as they discuss #ThreatModeling for #developers.
I doubt that many of my followers are familiar with Xunlei Accelerator, this application being mostly used in China. I came across it due to its popular Chrome extension with 28 million users. I looked into the security of this application and… security? What security?
https://palant.info/2024/03/06/numerous-vulnerabilities-in-xunlei-accelerator-application/
An overview:
· Program installation directory writable by any user.
· The built-in browser is based on a three-year-old Chromium.
· That browser exposed a powerful internal API to arbitrary websites (⇨ code execution among others).
· This browser could also be opened by any website loaded in the user’s regular browser, without any user interaction.
· XSS vulnerabilities in the display of messages in the main application, despite using React (⇨ code execution).
· Electron’s renderer sandboxing effectively rendered ineffective.
· Local webserver using “authentication” based on a “secret” hardcoded string.
· Plugin installation can be triggered by any website (⇨ code execution).
· Plugin list downloads via insecure HTTP connection (⇨ code execution).
· Rudimentary HTTP client used in some places, with memory safety issues and recognizing exactly two server responses.
· Tons of outdated third-party code, including (but not limited to) a two-year-old FFmpeg, a twelve-year-old libpng and an eight-year-old zlib.
The vendor fixed the most obvious ways to exploit these issues. With the communication being spotty to say the least, I don’t know whether they plan to do more.
Intro post for my new alt!
#Hashtags for being found by: I'm a #treehugger, #bicycle commuter, #SoftwareDeveloper, #ApplicationSecurity enthusiast, and #Linux user. I love #reading #ScienceFiction but have to parse it out slowly.
I'm something of a #hippie -- I go #barefoot much of the time, I don't have a smartphone (#NoSmartphone?), I try to "Eat Food, #MostlyPlants, Not Too Much". And I have a deep respect and love of #nature and its systems, even the uncharismatic parts.
I think #FreeSpeech is super important, but that it comes with the responsibility to #BeKind to others in the process.