Boring AppSec

Home
About
Edition 28: ADR v/s Shift-left should be looked at as a "Stock" v/s "Flow" problem
And like most "Stock" v "Flow" discussions, you need a bit of both.
  
Sandesh Mysore Anand
The times, they are A-changin
In the coming months, this newsletter will reflect the changes in my career: from being an AppSec operator to being a co-founder of an AppSec company.
  
Sandesh Mysore Anand
Edition 27: Secure by Design is important, but requires a different kind of industry effort to achieve it
CISA's Secure by Design has good intentions, but has an identity crisis. At this point, it may not move the needle on software security.
  
Sandesh Mysore Anand
Edition 26: Scaling Security Design Reviews and why the time is now
"Developer enablement" is all the rage in AppSec and rightly so. The best time to do it is just before they start building.
  
Sandesh Mysore Anand
[New Pod Announcement] Episode 1: - Asset Inventory
In the first episode of this brand new Podcast, Anshuman and I talk about software inventories. Why we need them, how to build them, and what to avoid.
  
Sandesh Mysore Anand
 and 
Anshuman Bhartiya
44:56
Edition 25: Gen AI can supercharge your AppSec program
This post tries to answer the question every AppSec team is probably asking: Can we use Gen AI to improve our program?
  
Sandesh Mysore Anand
[Guest post] Edition 24: Pentesting LLM apps 101
As adoption grows, we are seeing many applications integrated with LLMs (such as Open AI). This post helps Pentesters get started in testing LLM apps.
  
Ved Prabhu
Boring AppSec
E1-27: Getting the Boring aspects of AppSec right E28+: All aspects of building AppSec products
Contact
Twitter
LinkedIn

Boring AppSec

AboutArchiveSitemap
© 2025 Sandesh Mysore Anand
PrivacyTermsCollection notice
Start writingGet the app
Substack is the home for great culture