Boring AppSec
Edition 18: The diminishing returns of DAST
If your software development relies on continuous integration and deployment (CI/CD), this edition argues that DAST as an assessment methodology should be avoided.
Sandesh Mysore Anand
Mar 8
Edition 17: Is CloudSec the new AppSec?
This edition argues that while there is increasing overlap between the two, it's not a useful framework to apply
Sandesh Mysore Anand
Feb 19
Edition 16: Using security teams as a force multiplier
In a tough economy, it's useful to think about how we can add value outside our main job. Adjacent skills picked up as a security professional can help.
Sandesh Mysore Anand
Feb 5
Edition 15: Is your champions program running out of steam?
Security champions programs usually start well, but taper off quickly. This edition provides a framework to help avoid that.
Sandesh Mysore Anand
Jan 29
Edition 14: To WAF or not to WAF
The effectiveness of WAFs is a hotly debated subject in AppSec circles. This edition tries to bring structure to that discussion.
Sandesh Mysore Anand
Jan 2, 2022
Edition 13: SAST primer - Goals of a SAST program
Third in a 4-part primer on SAST. This edition talks about what a successful SAST program looks like.
Sandesh Mysore Anand
Nov 7, 2021
Edition 12: AppSec Primer - How SAST tools work?
2nd in a 4-part primer on Static Application Security Testing (SAST). This edition gives you an overview of what SAST tools look like under the hood.
Sandesh Mysore Anand
Oct 17, 2021
Edition 11: AppSec Primer - SAST - Part 1
First in a four-part primer on Static Application Security Testing (SAST). This edition talks about what SAST is and why it's needed.
Sandesh Mysore Anand
Oct 10, 2021
Boring AppSec
A newsletter on getting the boring parts of AppSec right
By Sandesh Mysore Anand
· Over 1,000 subscribers