Boring AppSec
Edition 20: Degrading UX to improve security hurts both UX and security
Accounting for unintended consequences of your design choice is important for all engineering disciplines. Security teams should apply that lens too.
May 30
Sandesh Mysore Anand
Edition 19: Security's eternal prioritisation problem
What if the task I deprioritised leads to a breach that blows everything up? This is a question that's gone through every Security leader's mind. This…
May 8
Sandesh Mysore Anand
March 2023
Edition 18: The diminishing returns of DAST
If your software development relies on continuous integration and deployment (CI/CD), this edition argues that DAST as an assessment methodology should…
Mar 8
Sandesh Mysore Anand
February 2023
Edition 17: Is CloudSec the new AppSec?
This edition argues that while there is increasing overlap between the two, it's not a useful framework to apply
Feb 19
Sandesh Mysore Anand
Edition 16: Using security teams as a force multiplier
In a tough economy, it's useful to think about how we can add value outside our main job. Adjacent skills picked up as a security professional can help.
Feb 5
Sandesh Mysore Anand
January 2023
Edition 15: Is your champions program running out of steam?
Security champions programs usually start well, but taper off quickly. This edition provides a framework to help avoid that.
Jan 29
Sandesh Mysore Anand
January 2022
Edition 14: To WAF or not to WAF
The effectiveness of WAFs is a hotly debated subject in AppSec circles. This edition tries to bring some structure to that discussion.
Jan 2, 2022
Sandesh Mysore Anand
November 2021
Edition 13: SAST primer - Goals of a SAST program
Third in a 4-part primer on SAST. This edition talks about what a successful SAST program looks like.
Nov 7, 2021
Sandesh Mysore Anand
October 2021
Edition 12: AppSec Primer - How SAST tools work?
Second in a 4-part primer on Static Application Security Testing (SAST). This edition gives you an overview of what SAST tools look like under the hood.
Oct 17, 2021
Sandesh Mysore Anand
Edition 11: AppSec Primer - SAST - Part 1
First in a four-part primer on Static Application Security Testing (SAST). This edition talks about what SAST is and why it's needed.
Oct 10, 2021
Sandesh Mysore Anand
Edition 10: Selling AppSec
In AppSec, most Security controls are implemented by folks outside the Security team. You cannot improve your AppSec posture, without "selling" the…
Oct 3, 2021
Sandesh Mysore Anand
September 2021
Edition 9: A build v/s buy framework for AppSec
Incorrect buy v/s build decisions can have serious downstream impact on security posture and team morale. This edition builds a framework that can help…
Sep 26, 2021
Sandesh Mysore Anand