The effectiveness of WAFs is a hotly debated subject in AppSec circles. This edition tries to bring structure to that discussion.
Third in a 4-part primer on SAST. This edition talks about what a successful SAST program looks like.
2nd in a 4-part primer on Static Application Security Testing (SAST). This edition gives you an overview of what SAST tools look like under the hood.
First in a four-part primer on Static Application Security Testing (SAST). This edition talks about what SAST is and why it's needed.
In AppSec, most security controls are implemented by folks outside the security team. You cannot improve your AppSec posture without "selling" the…
Incorrect buy vs. build decisions can have a serious downstream impact on security posture and team morale. This edition builds a framework that can help…
Training is easy to get started with, but hard to scale. It's also hard to measure outcomes from it. In this post, we explore alternatives to training that can…
AppSec programs are hard to scale. What works for a portfolio of 10 applications doesn't work for 1000 apps. Piggybacking off existing organizational…

Boring AppSec