# AppSec Newsletter 0037

E chegamos a mais uma edição da nossa newsletter!

### Vídeo Novo no canal Guia de AppSec

%[https://www.youtube.com/watch?v=-lLgMupOqIw] 

### Links

* 🎖️ [Google | If It’s Not Secure, It Should Not Compile: Preventing DOM-Based XSS in Large-Scale Web Development with API Hardening](https://storage.googleapis.com/gweb-research2023-media/pubtools/5955.pdf)
    
* [AWS | How to build a Security Guardians program to distribute security ownership](https://aws.amazon.com/pt/blogs/security/how-to-build-your-own-security-guardians-program/)
    
* [Santander Bootcamp Cibersegurança #2](https://app.santanderopenacademy.com/pt/program/santander-bootcamp-ciberseguranca-2)
    
* [FIDO | FIDO Alliance Publishes New Specifications to Promote User Choice and Enhanced UX for Passkeys](https://fidoalliance.org/fido-alliance-publishes-new-specifications-to-promote-user-choice-and-enhanced-ux-for-passkeys/)
    
* [SEMGREP | Easily create custom SAST guardrails with human language and Semgrep Assistant (AI)](https://semgrep.dev/blog/2024/easily-create-custom-sast-guardrails-with-human-language-and-semgrep-assistant-ai)
    
* [SHIKIDA | Appsec adventures - Blog](https://appsecadventures.blogspot.com/)
    
* [Github | EPSS Scores in the GitHub Advisory Database](https://github.blog/changelog/2024-10-10-epss-scores-in-the-github-advisory-database/)
    
* [Hacken | Key Discovery in ECDSA: Understanding Implementation and Security Risk](https://hacken.io/insights/ecdsa/)
    
* [Tiago Tavares | Processo de Gestão de Vulnerabilidades e Automação para OffSec e AppSec Utilizando Atlassian Jira: Proposta e Tutorial](https://tiagotavares.io/blog/vulnerability_management_jira_context_offsec_appsec/)
    
* [Sysdig | Runtime Is The Way](https://sysdig.com/blog/runtime-is-the-way/)
    
* [Mitre-Engenuity | Threat-Informed Defense to Secure AI](https://medium.com/mitre-engenuity/threat-informed-defense-to-secure-ai-722716acf45e)
    

### **Siga o Guia de AppSec nas redes!**

* Youtube: [**youtube.com/@GuiadeAppSec**](http://youtube.com/@GuiadeAppSec)
    
* Twitter / X: [**twitter.com/guiadeappsec**](http://twitter.com/guiadeappsec)
    
* Site: [**guiadeappsec.com.br**](http://guiadeappsec.com.br/)
