Boring AppSec
A newsletter on getting the boring parts of AppSec right
By Sandesh Mysore Anand · Launched 10 months ago
Edition 14: To WAF or not to WAF
The effectiveness of WAFs is a hotly debated subject in AppSec circles. This edition tries to bring structure to that discussion.
Sandesh Mysore Anand
Edition 13: SAST primer - Goals of a SAST program
Third in a 4-part primer on SAST. This edition talks about what a successful SAST program looks like.
Sandesh Mysore Anand
Nov 7, 2021
Edition 12: AppSec Primer - How SAST tools work?
2nd in a 4-part primer on Static Application Security Testing (SAST). This edition gives you an overview of what SAST tools look like under the hood.
Sandesh Mysore Anand
Oct 17, 2021
Edition 11: AppSec Primer - SAST - Part 1
First in a four-part primer on Static Application Security Testing (SAST). This edition talks about what SAST is and why it's needed.
Sandesh Mysore Anand
Oct 10, 2021
Edition 10: Selling AppSec
In AppSec, most Security controls are implemented by folks outside the Security team. You cannot improve your AppSec posture, without "selling" the…
Sandesh Mysore Anand
Oct 3, 2021
Edition 9: A build v/s buy framework for AppSec
Incorrect buy v/s build decisions can have serious downstream impact on security posture and team morale. This edition builds a framework that can help…
Sandesh Mysore Anand
Sep 26, 2021
Edition 8: To train or not to train
Training is easy to get started, but hard to scale. It's also hard to measure outcomes from it. In this post, we explore alternatives to training that can…
Sandesh Mysore Anand
Sep 19, 2021
Edition 7: Using force multipliers to scale AppSec programs
AppSec programs are hard to scale. What works for a portfolio of 10 applications doesn't work for 1000 apps. Piggybacking off existing organizational…
Sandesh Mysore Anand
Sep 12, 2021