Is AppSec really boring?
It’s not. In fact, it’s fascinating! However, the industry tends to focus a lot of energy on the new shiny object. The latest Critical bug or the latest RASP tool or how AI/ML gobbledygook can make the world a better place. The thing is, in addition to keeping up with the latest trends, successful AppSec programs also do the boring things really well (think building an app inventory). This newsletter is about those “boring” things.
In my day job, I am helping build a Security program. As a part of my job, I research and learn about these “boring” things every week. In this newsletter, I will rely on my experience and readings from other successful people to write an essay about one boring AppSec topic each edition.