Latest

Jun 29

Really giving a jot about JWTs

Instacart Sr Security Engineer David Gillman (or Gilman? Either OWASP or LASCON got it wrong) presented a talk in 2021
2 min read
Jun 25

You should have a preference for EV Certificates in 2022 - when most think they are dead

Domain Validated (DV) Certificates may be growing in popularity since the browsers ceased showing the organisation name along with a
3 min read
Apr 08

5 Myths of Software Composition Analysis (SCA)

Recently someone asked me to help them with an SCA tool (you know the name, I snicker a bit when
9 min read
Mar 28

BSIMM vs OWASP SAMM | Which is better?

I often get asked about how to plan a roadmap for an AppSec or DevSecOps program, and this is where
3 min read
Mar 23

Guide to Application Security tools

First, what makes a good, or great, AppSec tool? The best tools A best tool for AppSec is implemented; * in
3 min read
Mar 23

How to start an AppSec Program

I get asked all too often: What do <insert big co.> do for AppSec? Many organizations with mature
4 min read
Mar 23

No Bullsh*t guide to Application Security

Security is a process, not a destination. Which applies to Application Security also. Let's quickly address common AppSec
2 min read
Feb 22

MS Office macros from the internet probably won't be blocked by default

The media coverage about Microsoft blocking by default macros from running in Office files from the Internet is wildly overstating
2 min read
Aug 15

Realistic 3 principles of AppSec and DevSecOps

Before we begin DevSecOps is analogous to AppSec for this discussion as both share the same principles even if we
3 min read
Jul 24

What are types of Cross-Site Scripting (XSS) attacks?

We typically have 3 types of Cross-Site Scripting (XSS) attacks; this is outdated knowledge still circulating today. Current Application Security
4 min read