application security | Building a Static Analysis Security Bot with Gitlab
I am a big believer in feedback loops. For me, DevSecOps is all about building better feedback loops. If I can get Dev or Ops folks to get quick security

automation | Hooking up - Automation (and Security) wins with Hooks
I am inordinately pleased with myself today. No, no, it was nothing earth-shattering. For you, there's a good chance that it's probably nothing. But I am a sucker for small

serverless | TDD for Serverless - My Setup
I have been building serverless over the last 10 months now. I am currently working on a "not-small" project that spans nearly 100 functions in Python 3.7. I

application security | Myth-busting Developer Security Training in 2019
Myths for Developer Security Training that I have learned through personal experience over a long span of training developers on security (2012-2019 and counting). Developers don't care about security. Untrue.

application security | Disassembling CVE and CWE for No Fun and No Profit
There's a good chance that you or your colleague(s) will be shuffling through the massive vendor presentation areas at RSA next week. Chances are that, as you make your

graphql | The Hard Way: Security Learnings from Real-world GraphQL
This article comes (relatively) close on the heels of my talk at AppSec California. The talk was: "An Attacker's Perspective of Serverless and GraphQL Applications". The slides for that talk

op-ed | Thoughts on Developer Security Training
I have had the good fortune to have trained thousands of developers on Application Security. Private organizations, conferences and even some non-profit groups have engaged us (we45) and my team