Boring AppSec | Sandesh Mysore Anand | Substack

If your software development relies on continuous integration and deployment (CI/CD), this edition argues that DAST as an assessment methodology should be avoided.

Sandesh Mysore Anand

Mar 8

New Top Community

This edition argues that while there is increasing overlap between the two, it's not a useful framework to apply

Sandesh Mysore Anand

Feb 19

In a tough economy, its useful to think about how we can add value outside our main job. Adjacent skills picked up as a security professional can help.

Sandesh Mysore Anand

Feb 5

Security champions programs usually start well, but taper off quickly. This edition provides a framework to help avoid that.

Sandesh Mysore Anand

Jan 29

Effectiveness of WAFs are a hotly debated subject in AppSec circles. This editions tries to bring a structure to that discussion.

Sandesh Mysore Anand

Jan 2, 2022

Third in a 4-part primer on SAST. This edition talks about what a successful SAST program looks like.

Sandesh Mysore Anand

Nov 7, 2021

2nd in a 4-part primer on Static Application Security Testing (SAST). This edition gives you an overview of what SAST tools look like under the hood.

Sandesh Mysore Anand

Oct 17, 2021

First in a four part primer on Static Application Security Testing (SAST). This edition talks about what SAST is and why it's needed.

Sandesh Mysore Anand

Oct 10, 2021

Boring AppSec

About Archive Sitemap

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts