So @ElarLang just published version 5.0.0 of OWASP ASVS, live on stage at @OWASP Global AppSec EU Barcelona 2025!
We released v18.0.0! It removes @nodejs.org 18.x support; mitigates local build issues w/ libxmljs; adds a new ⭐⭐⭐⭐⭐-challenge; adds a @defcon.bsky.social 33 theme for the @owasp.org collab w/ @blueteamvillage.bsky.social; fixes some bugs w/ telemetry, cats, and coupons! github.com/juice-shop/j...
Threat Dragon version 2.5 released:
github.com/OWASP/threat...
This release has some enhancements:
* Add demo models from the Threat Model Cookbook
* Multiple Diagrams: copy diagrams from the edit page
* Extend DIE to be CIA-DIE
* Updates to Portuguese translation
Exciting news! 🚀 Join us at #OWASP Global #AppSec USA this November for a chance to become a mentor at our Meet the #Mentor event. Share your expertise, inspire future AppSec leaders, and be part of a thriving community.
Secure your spot here: owasp.wufoo.com/form...
The Developer Guide is now at version 4.1.9, with sunstantial changes to the application checklist:
github.com/OWASP/DevGui...
The OWASP Developer Guide content has been migrated to the new site: devguide.owasp.org/
The DevGuide helps developers navigate the many OWASP projects and provides some advice along the way
We have now migrated the Spanish translation to the new site :
devguide.owasp.org/es/
Developer Guide version 4.1.8 has been released
The Developer Guide has been brought back in to original OWASP/DevGuide repo:
github.com/OWASP/DevGui...
Threat Dragon version 2.4.1 released
This is a bug-fix release :
- Fix for unexpected label on Trust Boundary Box
- Fix of background for data flows and trust boundary curve labels
- priority level ‘TBA’ renamed to ‘TBD’
github.com/OWASP/threat...
Threat Dragon version 2.4 released:
github.com/OWASP/threat...
This release has some new features such as:
* New threat priorities
* Create a new branch within a repository
* Provide TLS environment variables
* Export model diagrams as PNG, JPEG or SVG
and threat model diagram enhancements
ThreatModCon
The World’s Only Conference Dedicated To Threat Modeling
The conference is dedicated to providing a platform for threat modeling practitioners and AppSec leaders to delve into the latest trends & share best practices
www.threatmodcon.com
🚀 Exciting news! Join the OWASP Global #AppSec EU event in Barcelona! Grab your Early Bird tickets now to save $$, connect with #cybersecurity experts, and boost your knowledge. Don't miss out on this opportunity: owasp.glueup.com/eve...
#devsecops #AI #threatmodeling #infosec #owaspglobalappsec
Developer Guide version 4.1.7 has been released
A minor change that uses project names for all section headers:
github.com/OWASP/www-pr...
A special thanks to Mohamed El-Bohy
for adding the ‘threats by context’ and ‘threats by element’ as part of his successful Google Summer of Code project
Threat Dragon version 2.3 released:
github.com/OWASP/threat...
a bit delayed from the initial date of September 2024
Many thanks to Trevor Young from @securitycompass for presenting his talk "Security by Design, Not Injection" at the OWASP London Chapter Meetup last Monday!
The recording of the talk is now available to watch 📺 on the OWASP London YouTube Channel [please subscribe!]:👇
youtu.be/KCZfJ-60kWE?...
Threat Dragon version 2.3.0 is at pre-release, the final block is getting the windows installer code-signed
everything else is in place for MacOS, Linux, Docker, web, Snap
version 2.3.0 is stuck on MacOS notarization and Windows application code signing
hence the delay of the release originally planned for October
but we are working on it
My talk at Threat Modeling Connect's ThreatModCon Lisbon 2024 was on Inherent Threats and how we manage them.
https://shostack.org/blog/inherent-threats-threatmodcon/
I have created a Blue Sky starter pack for @OWASP associated people here. Let me know if you are an #OWASP chapter leader, project leader, committee member, staff member, volunteer, etc and you want to be added, DM me or respond here.
go.bsky.app/Ks4c9Va
Could Threat Dragon be added? Thanks
