Boring AppSec | Sandesh Mysore Anand | Substack

Effectiveness of WAFs are a hotly debated subject in AppSec circles. This editions tries to bring a structure to that discussion.

Sandesh Mysore Anand

New Top Community

Third in a 4-part primer on SAST. This edition talks about what a successful SAST program looks like.

Sandesh Mysore Anand

Nov 7, 2021

2nd in a 4-part primer on Static Application Security Testing (SAST). This edition gives you an overview of what SAST tools look like under the hood.

Sandesh Mysore Anand

Oct 17, 2021

First in a four part primer on Static Application Security Testing (SAST). This edition talks about what SAST is and why it's needed.

Sandesh Mysore Anand

Oct 10, 2021

In AppSec, most Security controls are implemented by folks outside the Security team. You cannot improve your AppSec posture, without "selling" the…

Sandesh Mysore Anand

Oct 3, 2021

Incorrect buy v/s build decisions can have serious downstream impact on security posture and team morale. This edition builds a framework that can help…

Sandesh Mysore Anand

Sep 26, 2021

Training is easy to get started, but hard to scale. Its also hard to measure outcomes from it. In this post, we explore alternates to training that can…

Sandesh Mysore Anand

Sep 19, 2021

AppSec programs are hard to scale. What works for a portfolio of 10 applications don't work for 1000 apps. Piggybacking off existing organizational…

Sandesh Mysore Anand

Sep 12, 2021

Boring AppSec

About Archive Authors

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts