Some of my colleagues at #AWS have created an open-source serverless #AI assisted #threatmodel solution. You upload architecture diagrams to it, and it uses Claude Sonnet via Amazon Bedrock to analyze it.

I'm not too impressed with the threats it comes up with. But I am very impressed with the amount of typing it saves. Given nothing more than a picture and about 2 minutes of computation, it spits out a very good list of what is depicted in the diagram and the flows between them. To the extent that the diagram is accurate/well-labeled, this solution seems to do a very good job writing out what is depicted.

I deployed this "Threat Designer" app. Then I took the architecture image from this blog post and dropped that picture into it. The image analysis produced some of the list of things you see attached.

This is a specialized, context-aware kind of OCR. I was impressed at boundaries, flows, and assets pulled from a graphic. Could save a lot of typing time. I was not impressed with the threats it identifies. Having said that, it did identify a handful of things I hadn't thought of before, like EventBridge event injection. But the majority of the threats are low value.

I suspect this app is not cheap to run. So caveat deployor.
#cloud #cloudsecurity #appsec #threatmodeling

A big thank you to @Aktodotio for joining #OWASP as a Silver Corporate Supporter! We appreciate your support and look forward to working together this year. https://owasp.org/supporters/list #appsec

A big thank you to @sonatype for their support as a Silver Exhibitor at #OWASP 2025 Global AppSec EU Barcelona. We are looking forward to seeing your team in May! barcelona.globalappsec.org #appsec #cybersecurity #developers #supportnonporfit

Everyone knows all the apps on your phone A case study looking at #Indian Apps on #Android phones. #SmartPhones #privacy #india #surveillance #DataPrivacy #DataProtection #DataSecurity #software #Apps #AppSec #AppDev
https://peabee.substack.com/p/everyone-knows-what-apps-you-use

Hear about all the mistakes you can make while applying #ai in #security from Eitan Worcel. Buy your ticket at www.basconf.org and grab a spot. #owasp #basc2025 #appsec #basc

Space is filling up fast! Secure your expo spot at #OWASP Global AppSec US DC before it’s too late! http://dc.globalappsec.org/ #appsec #developers #cybersecurity

AppSec Ezine - 580th https://pathonproject.com/zb/?94fef6e1d88cee84#fBDZtrz8GV61O1oJd+9JWBeCO0Kuzyeb3/rheyA/NLA= #AppSec #Security

We are thrilled to welcome @semgrep as a Gold Exhibitor at #OWASP 2025 Global AppSec EU in Barcelona! Your support helps drive #AppSec and #Cybersecurity forward. We are looking forward to seeing you again! barcelona.globalappsec.org #Developer #SupportNonprofit

A big thank you to @BlackDuck_SW for joining #OWASP as a Silver Corporate Supporter! We appreciate your support and look forward to working together this year. https://owasp.org/supporters/list #appsec

We are excited to have @SecureFlag join us as a Gold Exhibitor at #OWASP 2025 Global AppSec EU in Barcelona! Your support means a lot to the #AppSec and #Cybersecurity community. See you there! barcelona.globalappsec.org #developer #supportnonprofit

Legit Announces New Vulnerability Prevention Capabilities – Source: securityboulevard.com https://ciso2ciso.com/legit-announces-new-vulnerability-prevention-capabilities-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #CyberSecurityNews #SecurityBoulevard #BestPractices #CISOSuite #AppSec #DevOps #legit #CISO

These SAMLStorm vulnerabilities have been public for a couple weeks now. Anyone seeing exploitation in the wild? How’s patching going across vendors and infra? #infosec #SAML #NodeJS #AppSec

We are excited to welcome aboard @BDOGlobal as #OWASP's newest Gold Corporate Supporter! Thank you for your generous support. We look forward to collaborating with your team this year! https://owasp.org/supporters/list #appsec

Best way to spend $30 by learning about #ai, #threatmodeling & #mobilesecurity ! Check out www.basconf.org to register. Hurry up to grab a spot! #owasp #basc2025 #appsec

We’re excited to welcome the @SecCodeWarrior team as a Gold Exhibitor at #OWASP 2025 Global AppSec EU in Barcelona! Thank you for supporting the community and helping advance #AppSec and #Cybersecurity. See you there! barcelona.globalappsec.org #developer #supportnonprofit

Master Privacy Engineering at OWASP Global AppSec 2025 EU in Barcelona!

2-Day Training | May 27-28, 2025
Level: Intermediate | Trainers: Kim Wuyts & Avi Douglen

Led by Kim Wuyts and Avi Douglen, you'll gain hands-on experience tackling privacy challenges while addressing the growing skills gap in privacy engineering.

https://owasp.glueup.com/event/123983/register/

New article: Boost your security skills with my latest guide on essential #application #security #testing! 
Explore SCA, SAST, DAST, and PenTest to protect your projects from vulnerabilities. 

#JavaSecurity #Cybersecurity #AppSec #SecurityTesting

https://ionutbalosin.com/2025/03/security-application-testing-for-java-developers

Ready to shine on stage? Share your expertise at #OWASP Global #AppSec USA in Washington, DC this November! Submit your presentations now for this incredible event! Seize the opportunity - apply here: https://sessionize.com/owasp-global-appsec-USA-2025-cfp2/ #infosec #AI #devsecops #SBOMM

Our second part of the “Diving Into JumpServer” series is live:
Read more on how an attacker who bypassed authentication can execute code and fully compromise the JumpServer instance and internal hosts:

https://www.sonarsource.com/blog/diving-into-jumpserver-attackers-gateway-to-internal-networks-2-2?utm_medium=social&utm_source=mastodon&utm_campaign=research&utm_content=blog-diving-into-jumpserver-attackers-gateway-to-internal-networks-250325-&utm_term=&s_category=Organic&s_source=Social%20Media&s_origin=social

We are looking forward to welcoming the @sec_phoenix team to the #OWASP 2025 Global AppSec EU Barcelona event as a Gold Exhibitor! Your support is greatly appreciated. barcelona.globalappsec.org #developer #appsec #cybersecurity #supportnonprofit