1. Application security tools ineffective against new and growing threats

Outdated offerings, false positives, and ineffective blocking are among the main causes driving this global concern.

2. HTTP/2: The Sequel is Always Worse

Attackers are learning HTTP/2. Developers and defenders must learn it as well.

3. AppSec Village Live Stream of DefCON 29

Check out AppSec Village as it is the perfect place to connect with those with related interests.

4. Mark Loveless -- Threat modeling in a DevSecOps environment

We discuss his philosophical approach, framework choice (spoiler alert, it's a pared-down version of PASTA), and success stories / best practices he's seen for threat modeling success.

5. Do you like to read? I can take over your Kindle with an e-book

An attacker could delete e-books, potentially gain full access to an Amazon account, converted a Kindle to a bot, attacked other devices in the local network, and more.