Boring AppSec
[New Pod Announcement] Episode 1: - Asset Inventory
In the first episode of this brand new Podcast, Anshuman and I talk about software inventories. Why we need them, how to build them, and what to avoid.
Mar 4 • Sandesh Mysore Anand and Anshuman Bhartiya
44:56
December 2023
Edition 25: Gen AI can supercharge your AppSec program
This post tries to answer the question every AppSec team is probably asking: Can we use Gen AI to improve our program?
Dec 18, 2023 • Sandesh Mysore Anand
October 2023
[Guest post] Edition 24: Pentesting LLM apps 101
As adoption grows, we are seeing many applications integrated with LLMs (such as OpenAI). This post helps pentesters get started in testing LLM apps.
Oct 13, 2023 • Ved Prabhu
September 2023
Edition 23: A framework to securely use LLMs in companies - Part 3: Securing ChatGPT and GitHub Copilot
Part 3 of a multi-part series on using LLMs securely within your organization. This post helps you secure two of the most popular LLM-based tools used…
Sep 5, 2023 • Sandesh Mysore Anand and Ashwath Kumar
August 2023
Edition 22: A framework to securely use LLMs in companies - Part 2: Managing risk
In this edition, we will focus on managing risk for applications leveraging 3rd party LLMs
Aug 13, 2023 • Sandesh Mysore Anand
July 2023
Edition 21: A framework to securely use LLMs in companies - Part 1: Overview of Risks
Part 1 of a multi-part series on using LLMs securely within your organisation. This post provides a framework to categorize risks based on different use…
Jul 18, 2023 • Sandesh Mysore Anand
May 2023
Edition 20: Degrading UX to improve security hurts both UX and security
Accounting for unintended consequences of your design choice is important for all engineering disciplines. Security teams should apply that lens too.
May 30, 2023 • Sandesh Mysore Anand
Edition 19: Security's eternal prioritisation problem
What if the task I deprioritised leads to a breach that blows everything up? This is a question that's gone through every Security leader's mind. This…
May 8, 2023 • Sandesh Mysore Anand
March 2023
Edition 18: The diminishing returns of DAST
If your software development relies on continuous integration and deployment (CI/CD), this edition argues that DAST as an assessment methodology should…
Mar 8, 2023 • Sandesh Mysore Anand
February 2023
Edition 17: Is CloudSec the new AppSec?
This edition argues that while there is increasing overlap between the two, it's not a useful framework to apply
Feb 19, 2023 • Sandesh Mysore Anand
Edition 16: Using security teams as a force multiplier
In a tough economy, it's useful to think about how we can add value outside our main job. Adjacent skills picked up as a security professional can help.
Feb 5, 2023 • Sandesh Mysore Anand
January 2023
Edition 15: Is your champions program running out of steam?
Security champions programs usually start well, but taper off quickly. This edition provides a framework to help avoid that.
Jan 29, 2023 • Sandesh Mysore Anand