<h3 id="heading-links">Links</h3>
<ul>
<li>[artigo] <a target="_blank" href="https://boostsecurity.io/blog/opening-pandora-box-supply-chain-insider-threats-in-oss-projects">Opening Pandora’s box - Supply Chain Insider Threats in Open Source projects</a>
</li>
<li>[artigo] <a target="_blank" href="https://reynardsec.com/en/docker-platform-security-step-by-step-hardening/">Docker Security – Step-by-Step Hardening (Docker Hardening)</a> (um dos guias mais completos que já vi)
</li>
<li>[ferramenta] <a target="_blank" href="https://github.blog/changelog/2024-03-12-secret-scanning-ai-generated-custom-patterns-public-beta/">Secret scanning AI-generated custom patterns (public beta) by Github</a>
</li>
<li>[processo] <a target="_blank" href="https://www.cisa.gov/resources-tools/resources/secure-software-development-attestation-form">CISA Secure Software Development Attestation Form</a>
</li>
<li>[repositório] <a target="_blank" href="https://github.com/dagheyman/awesome-product-security">Awesome Product Security</a>
</li>
<li>[IA] <a target="_blank" href="https://blog.cloudflare.com/firewall-for-ai">Cloudflare announces Firewall for AI</a>
</li>
</ul>
<h3 id="heading-vagas">Vagas</h3>
<ul>
<li><a target="_blank" href="https://www.linkedin.com/jobs/view/3851541724/?refId=Yoi1A0lMkiheFHjrXWhUaA%3D%3D&amp;trackingId=Yoi1A0lMkiheFHjrXWhUaA%3D%3D">Hakai | Engenheiro de AppSec/DevSecOps (PL e SR)</a>
</li>
<li><a target="_blank" href="https://www.linkedin.com/jobs/view/3844611264/?eBP=CwEAAAGOTP22PFlUl8e1O0Pamw-_bMEo2wL-S1PcfamTkQCHkm6C6crROiwvIcVbQpjdLNWaLfnibkakmTHmYPB9Gqyl26DL-1QTtz-UDd0XV2cSuY_2Icgr1T9EjBSvp_6rxtqAx5Z8mNbYqLgLSPAkREexCK4KV3L2B38dSoqerArN-Wv-5EZCEGQ1PBCZgDJFjM7UpFjE0R49uvCQktNcZN5fDqEbfdtOZLHHTQACj7QV4WR2vXfrLqZJ7zUSnhZg75LPLbaMrc2GZtHhIVTIn-Ozf5sNiF-JvdKQZt-J_8NVIZfIeEVVF_xTLx8GCH-kIdMpaMO9bbwbUiVCpXo5AYE0wOQO0__84L2qrXgLFyroT5tC7BFcynYNWLRfhaItXgWE16aEjvKMEIEhUXxeq2CBfZxHzw&amp;refId=84%2Bo2Jdg%2BV3j%2BLw%2FLPFtjw%3D%3D&amp;trackingId=L1IVJCm7IlzIv0swj3eBNw%3D%3D&amp;trk=flagship3_search_srp_jobs">Luxoft | Application Security Specialist</a>
</li>
<li><a target="_blank" href="https://www.linkedin.com/jobs/view/3830995085/?eBP=CwEAAAGOTP2xfRpLNXl6RaRW5_bkCL7eX5r3Rg33v0dsOth_kg03c1r8ff4taMCJnmGRt6QLiLiT1emAweyXdUi-rlRqRmZjJNOhuDAyTFBuUMdX19S664l1oCsS9h7IAfQPWOaElrf4phO0al-5_k3mRLyLigEnmybidtQP6Qkq9D2SskupNcCXMEjXVK483gT_0lR-x3NScgKuOWu8VD10MPRaNF0_JAE0F24RX-cLrazX0AMjzYnJis3ZlcCUiE5yifNRZ6mM7DXBkzmiduyObTMcpUn7RxyGGGSXM-hFAkSHl6kyZRu5VIn6_5ahBpC4k9XByvNIdBiooJqnRO3uEDU8l1pD5nTaAgfvMai4qxcD5e-MjYBNw2OoJa2SZrtJuCzNKFlAWpIcbagm3QpU-Q&amp;refId=q87g%2BeyRvydy0Qs7mU3taQ%3D%3D&amp;trackingId=w0mwXWF0dJU%2FwgUHx2yBzw%3D%3D&amp;trk=flagship3_search_srp_jobs">Stefanini | DevSecOps Pl</a>
</li>
</ul>
<h3 id="heading-siga-o-guia-de-appsec-nas-redes">Siga o Guia de AppSec nas redes!</h3>
<ul>
<li>Youtube: <a target="_blank" href="http://youtube.com/@GuiadeAppSec"><a href="http://youtube.com/@GuiadeAppSec" class="autolinkedURL autolinkedURL-url" target="_blank">youtube.com/@GuiadeAppSec</a></a>
</li>
<li>Twitter / X: <a target="_blank" href="http://twitter.com/guiadeappsec"><a href="http://twitter.com/guiadeappsec" class="autolinkedURL autolinkedURL-url" target="_blank">twitter.com/guiadeappsec</a></a>
</li>
<li>Site: <a target="_blank" href="http://guiadeappsec.com.br/"><a href="http://guiadeappsec.com.br" class="autolinkedURL autolinkedURL-url" target="_blank">guiadeappsec.com.br</a></a>
</li>
</ul>

### Links

* \[artigo\] [Opening Pandora’s box - Supply Chain Insider Threats in Open Source projects](https://boostsecurity.io/blog/opening-pandora-box-supply-chain-insider-threats-in-oss-projects)
    
* \[artigo\] [Docker Security – Step-by-Step Hardening (Docker Hardening)](https://reynardsec.com/en/docker-platform-security-step-by-step-hardening/) (um dos guias mais completos que já vi)
    
* \[ferramenta\] [Secret scanning AI-generated custom patterns (public beta) by Github](https://github.blog/changelog/2024-03-12-secret-scanning-ai-generated-custom-patterns-public-beta/)
    
* \[processo\] [CISA Secure Software Development Attestation Form](https://www.cisa.gov/resources-tools/resources/secure-software-development-attestation-form)
    
* \[repositório\] [Awesome Product Security](https://github.com/dagheyman/awesome-product-security)
    
* \[IA\] [Cloudflare announces Firewall for AI](https://blog.cloudflare.com/firewall-for-ai)
    

### Vagas

* [Hakai | Engenheiro de AppSec/DevSecOps (PL e SR)](https://www.linkedin.com/jobs/view/3851541724/?refId=Yoi1A0lMkiheFHjrXWhUaA%3D%3D&trackingId=Yoi1A0lMkiheFHjrXWhUaA%3D%3D)
    
* [Luxoft | Application Security Specialist](https://www.linkedin.com/jobs/view/3844611264/?eBP=CwEAAAGOTP22PFlUl8e1O0Pamw-_bMEo2wL-S1PcfamTkQCHkm6C6crROiwvIcVbQpjdLNWaLfnibkakmTHmYPB9Gqyl26DL-1QTtz-UDd0XV2cSuY_2Icgr1T9EjBSvp_6rxtqAx5Z8mNbYqLgLSPAkREexCK4KV3L2B38dSoqerArN-Wv-5EZCEGQ1PBCZgDJFjM7UpFjE0R49uvCQktNcZN5fDqEbfdtOZLHHTQACj7QV4WR2vXfrLqZJ7zUSnhZg75LPLbaMrc2GZtHhIVTIn-Ozf5sNiF-JvdKQZt-J_8NVIZfIeEVVF_xTLx8GCH-kIdMpaMO9bbwbUiVCpXo5AYE0wOQO0__84L2qrXgLFyroT5tC7BFcynYNWLRfhaItXgWE16aEjvKMEIEhUXxeq2CBfZxHzw&refId=84%2Bo2Jdg%2BV3j%2BLw%2FLPFtjw%3D%3D&trackingId=L1IVJCm7IlzIv0swj3eBNw%3D%3D&trk=flagship3_search_srp_jobs)
    
* [Stefanini | DevSecOps Pl](https://www.linkedin.com/jobs/view/3830995085/?eBP=CwEAAAGOTP2xfRpLNXl6RaRW5_bkCL7eX5r3Rg33v0dsOth_kg03c1r8ff4taMCJnmGRt6QLiLiT1emAweyXdUi-rlRqRmZjJNOhuDAyTFBuUMdX19S664l1oCsS9h7IAfQPWOaElrf4phO0al-5_k3mRLyLigEnmybidtQP6Qkq9D2SskupNcCXMEjXVK483gT_0lR-x3NScgKuOWu8VD10MPRaNF0_JAE0F24RX-cLrazX0AMjzYnJis3ZlcCUiE5yifNRZ6mM7DXBkzmiduyObTMcpUn7RxyGGGSXM-hFAkSHl6kyZRu5VIn6_5ahBpC4k9XByvNIdBiooJqnRO3uEDU8l1pD5nTaAgfvMai4qxcD5e-MjYBNw2OoJa2SZrtJuCzNKFlAWpIcbagm3QpU-Q&refId=q87g%2BeyRvydy0Qs7mU3taQ%3D%3D&trackingId=w0mwXWF0dJU%2FwgUHx2yBzw%3D%3D&trk=flagship3_search_srp_jobs)
    

### **Siga o Guia de AppSec nas redes!**

* Youtube: [**youtube.com/@GuiadeAppSec**](http://youtube.com/@GuiadeAppSec)
    
* Twitter / X: [**twitter.com/guiadeappsec**](http://twitter.com/guiadeappsec)
    
* Site: [**guiadeappsec.com.br**](http://guiadeappsec.com.br/)

AppSec Newsletter 0027

Tornando a vida do security champion um pouco mais fácil a cada dia =)
