Boring AppSec

Home
About
New
Top
Community
Edition 23: A framework to securely use LLMs in companies - Part 3: Securing ChatGPT and GitHub Copilot
Part 3 of a multi-part series on using LLMs securely within your organization. This post helps you secure two of the most popular LLM-based tools used…
 • 
Sandesh Mysore Anand
 and 
Ashwath Kumar
Edition 22: A framework to securely use LLMs in companies - Part 2: Managing risk
In this edition, we will focus on managing risk for applications leveraging 3rd party LLMs
 • 
Sandesh Mysore Anand
Edition 21: A framework to securely use LLMs in companies - Part 1: Overview of Risks
Part 1 of a multi-part series on using LLMs securely within your organisation. This post provides a framework to categorize risks based on different use…
 • 
Sandesh Mysore Anand
Edition 20: Degrading UX to improve security hurts both UX and security
Accounting for unintended consequences of your design choice is important for all engineering disciplines. Security teams should apply that lens too.
 • 
Sandesh Mysore Anand
Edition 19: Security's eternal prioritisation problem
What if the task I deprioritised leads to a breach that blows everything up? This is a question that's gone through every Security leader's mind. This…
 • 
Sandesh Mysore Anand
Edition 18: The diminishing returns of DAST
If your software development relies on continuous integration and deployment (CI/CD), this edition argues that DAST as an assessment methodology should…
 • 
Sandesh Mysore Anand
Edition 17: Is CloudSec the new AppSec?
This edition argues that while there is increasing overlap between the two, it's not a useful framework to apply
 • 
Sandesh Mysore Anand
Boring AppSec
A newsletter on getting the boring parts of AppSec right
Contact
Twitter
LinkedIn

Boring AppSec

AboutArchiveSitemap
© 2023 Sandesh Mysore Anand
PrivacyTermsCollection notice
Start WritingGet the app
Substack is the home for great writing