Share your best practices
Share use cases, tips & ideas with other customers
- 17 Topics
- 33 Replies
This one is my favorite in Denver, and last week we learned about Karate Labs, which is an awesome open source tool for API testing (functional mostly, but could also be used for security tests):https://www.linkedin.com/posts/ourythomas_great-meetup-today-in-denver-with-team-karate-activity-7039467559452123136-r17PWhat meetups do you attend regularly to stay up to date and network?
I just discovered James Mickens, who is a CS professor at Harvard, and has lots of great videos about technology, cybersecurity and the joys of working in tech. This video was linked to in a Hacker News discussion and I started watching and then got sucked in and watched the whole thing: The next one I watched was a fascinating analysis of what blockchain was good for in the business world (hint: he claims nothing) and it does a great job of conveying in simple terms how the blockchain works: I’m definitely going to watch everything he has online!Some of my other favorites are these blogs:https://www.schneier.com/https://krebsonsecurity.com/ (I got to see Brian speak at the last SpiceWorld I went to, in the before times, and he was awesome).How about you? What are your favorite videos, podcasts or websites for staying up to date on tech and cybersecurity?
Major social networks like Facebook, Instagram and Twitter have had more than their fair share of security issues including phishing, account/password jacking, and more. How do these known issues affect your own usage of social media? Do you tread carefully? Do you avoid these networks at all costs? Have you gotten your own account hacked?Read more about a recent Instagram vulnerability that earned an India based bug hunter a $30,000 bounty!
Since ThreatModeler does not support file directories, what are people using to emulate that? We are adding a read only group, which 99% of my user base is in, to our existing threat models so everyone can see each other’s work and we had a lot of orphaned threat models because the author left the department and we didn’t have a group owner on the threat models. What this means though, is that suddenly the threat modelers will have a huge glob of threat models, when they first log in and I was hoping to have some organization for them. thanks
Read a Forbes article written by ThreatModeler founder and CEO Archie Agarwal on what makes a good threat model by clicking here.Excerpt: To answer the question of what makes a “good” threat model, I think it’s a good idea to establish what makes a threat model “bad.” As far as I am concerned, a bad threat model is something that you cannot use to communicate with nonsecurity professionals, such as developers or senior leadership. A bad threat model is also one that has a bad input, which will yield a bad output (“garbage in, garbage out”).
At the DHS/CISA Summit tomorrow, the Cyber Tech Accord (ThreatModeler is a signatory!!!) will take the stage for their panel discussion "The Importance of Vulnerability Handling""The debate will explore issues including the need to demystify vulnerabilities – clarifying what they are, what they are not, and why good vulnerability disclosure policies should be the norm across the technology industry. It will also touch upon guidance and regulations established by governments and independent organizations on vulnerability handling, and what are good common principles."So, how do you define vulnerabilities? How do they vary by industry/sector?
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.