application security Myth-busting Developer Security Training in 2019 Myths for Developer Security Training that I have learned through personal experience over a long span of training developers on security (2012-2019 and counting) Developers don't care about security. Untrue.
application security Disassembling CVE and CWE for No Fun and No Profit There's a good chance that you or your colleague(s) will be shuffling through the massive vendor presentation areas at RSA next week. Chances are that, as you make your
graphql The Hard Way: Security Learnings from Real-world GraphQL This article comes (relatively) close on the heels of my talk at AppSec California. The talk was: "An Attacker's Perspective of Serverless and GraphQL Applications"The slides for that talk
op-ed Thoughts on Developer Security Training I have had the good fortune to have trained thousands of developers on Application Security. Private organizations, conferences and even some non-profit groups have engaged us (we45) and my team
