
Holiday Hi/5: OWASP Top 10 Analysis, OWASP A08:2021, All Things SSRF, and more

Security Journey's hi/5

English - December 17, 2021 05:00 - 2 minutes - 2.01 MB - ★★★★★ - 1 rating
Tags: Technology, application security, security news, security journey


GitLab analysis of OWASP Top 10 changes from 2004 to 2021 - https://public.flourish.studio/visual...
Visualization of how OWASP Top Ten has changed over the years.

To Learn a New Language, Read Its Standard Library - http://patshaughnessy.net/2021/10/23/...
The best way to learn a new programming language, just like human language, is from example. To learn how to write code you first need to read someone else's code.

Making sense of OWASP A08:2021 - Software & Data Integrity Failures - https://www.securityjourney.com/post/...
We should expect this category to rise higher within a few years. Supply chain poisoning is difficult to detect and prevent. Our countermeasures are, arguably, in infancy.

GitHub - xntrik/hcltm: Documenting your Threat Models with HCL - https://github.com/xntrik/hcltm
Hcltm aims to provide a DevOps-first approach to documenting a system threat model by focusing on the following goals: simple text-file format, simple cli-driven user experience, and integration into version control systems (VCS). This repository is the home of the hcltm cli software. The hcltm spec is based on HCL2, HashiCorp's Configuration Language, which aims to be "pleasant to read and write for humans, and a JSON-based variant that is easier for machines to generate and parse". Combining the hcltm cli software and the hcltm spec allows practitioners to define a system threat model in HCL.

All Things SSRF - https://github.com/jdonsec/AllThingsSSRF
This is a collection of writeups, cheat sheets, and videos related to SSRF in one single location.