If your software development relies on continuous integration and deployment (CI/CD), this edition argues that DAST as an assessment methodology should be avoided.
This edition argues that while there is increasing overlap between the two, it's not a useful framework to apply.
In a tough economy, it's useful to think about how we can add value outside our main job. Adjacent skills picked up as a security professional can help.
Security champions programs usually start well, but taper off quickly. This edition provides a framework to help avoid that.
The effectiveness of WAFs is a hotly debated subject in AppSec circles. This edition tries to bring structure to that discussion.
Third in a four-part primer on SAST. This edition talks about what a successful SAST program looks like.
Second in a four-part primer on Static Application Security Testing (SAST). This edition gives you an overview of what SAST tools look like under the hood.
First in a four-part primer on Static Application Security Testing (SAST). This edition talks about what SAST is and why it's needed.

Boring AppSec