application security AppSec Predictions for 2020 A Customary Blogpost I am going to NOT encompass "InfoSec Predictions" in this because "InfoSec" is a HUGE area and I am not nearly qualified enough to be making predictions
application security 3 Essential AppSec Skills for 2020 and beyond Have been thinking about this one for a while now, and I thought I'll pen it down in long form. For me, the 3 Essential skills in AppSec, for 2020
graphql The Hard Way: Security Learnings from Real-world GraphQL This article comes (relatively) close on the heels of my talk at AppSec California. The talk was: "An Attacker's Perspective of Serverless and GraphQL Applications" The slides for that talk
container CVE-2019-5736, runC and the Trickle down effect of Bad Advice "Docker Containers are supposed to run as root", he said, authoritatively on a call. I started to doubt myself. "How can anything running as root, be a good thing?" I
op-ed Thoughts on Developer Security Training I have had the good fortune to have trained thousands of developers on Application Security. Private organizations, conferences and even some non-profit groups have engaged us (we45) and my team