Really giving a jot about JWTs
Instacart Sr Security Engineer David Gillman (or Gilman? Either OWASP or LASCON got it wrong) presented a talk in 2021
You should have a preference for EV Certificates in 2022 - when most think they are dead
Domain Validated (DV) Certificates may be growing in popularity since the
browsers ceased showing the organisation name along with a
5 Myths of Software Composition Analysis (SCA)
Recently someone asked me to help them with an SCA tool (you know the name, I
snicker a bit when
BSIMM vs OWASP SAMM | Which is better?
I often get asked about how to plan a roadmap for an AppSec or DevSecOps
program, and this is where
Guide to Application Security tools
First, what makes a good, or great, AppSec tool?
The best tools
The best AppSec tool is one that is implemented;
* in
How to start an AppSec Program
I get asked all too often:
What do <insert big co.> do for AppSec?
Many organizations with mature
No Bullsh*t guide to Application Security
Security is a process, not a destination. This applies to Application Security
too.
Let's quickly address common AppSec
MS Office macros from the internet probably won't be blocked by default
The media coverage about Microsoft blocking, by default, macros from running in
Office files from the Internet is wildly overstating
Realistic 3 principles of AppSec and DevSecOps
Before we begin: DevSecOps is analogous to AppSec for this discussion, as both
share the same principles even if we
What are types of Cross-Site Scripting (XSS) attacks?
We are typically told there are 3 types of Cross-Site Scripting (XSS) attacks; this is
outdated knowledge still circulating today.
Current Application Security