Is AppSec really boring?

It’s not. In fact, it’s fascinating! However, the industry tends to focus a lot of energy on the new shiny object. The latest Critical bug or the latest RASP tool or how AI/ML gobbledygook can make the world a better place. The thing is, in addition to keeping up with the latest trends, successful AppSec programs also do the boring things really well (think building an app inventory). This newsletter is about those “boring” things.

Why subscribe?

In my day job, I helping build a Security program. As a part of my job, I research and learn about these “boring” things every week. In this newsletter, I will rely on my experience and readings from other successful people to write an essay about one boring AppSec topic each edition.

Subscribe to Boring AppSec

A newsletter on getting the boring parts of AppSec right


Sandesh Mysore Anand

I am an InfoSec professional based in Bangalore. I have worked for over a decade in helping companies build and mature their Security program. I am the founder of BoringAppSec