AppSec Blog

What Appsec can learn from Devops

My brain's on fire about devops, having just got back from Devopsdays. Devops is starting to have the same kind of impact on application and system operations as Agile has had on software development. Although only a small number of people at a few companies are really doing devops, it is getting a lot of …


Different ways of looking at security bugs

When a development team first starts to take application security seriously, they'll end up with a list (probably a long list) of security bugs. It's useful to look at security bugs in different ways.

Design Flaws vs. Implementation Bugs

The first is to ask where each bug comes from - is it an architectural or …


Ask the Expert - Nick Galbreath

Nick Galbreath is director of engineering at Etsy, overseeing groups handling fraud, security, authentication and internal tools. Over the last 18 years, Nick has held leadership positions at a number of social and e-commerce companies, including Right Media, UPromise, Friendster, and Open Market, and has consulted for many more. He is the author of "Cryptography …


Ask the Expert - Chenxi Wang

This is the second in a series of "Ask the Expert" articles where we chat with leaders in the software development and application security space. Our guest is Chenxi Wang, Ph.D., who is Vice President and Principal Analyst at Forrester Research. A leading expert on content security, application security, and vulnerability management, Chenxi leads the …


Ask the Expert - Jeremiah Grossman

This is the first in a series of "Ask the Expert" articles where we chat with leaders in the software and application security space. Our first guest is Jeremiah Grossman who founded WhiteHat Security in August 2001. A world-renowned expert in Web security, Jeremiah is a founder of the Web Application Security Consortium (WASC), and …