AppSec Blog

Ask the Expert - Nick Galbreath

Nick Galbreath is director of engineering at Etsy, overseeing groups handling fraud, security, authentication and internal tools. Over the last 18 years, Nick has held leadership positions at a number of social and e-commerce companies, including Right Media, UPromise, Friendster, and Open Market, and has consulted for many more. He is the author of "Cryptography …


Ask the Expert - Chenxi Wang

This is the second in a series of "Ask the Expert" articles where we chat with leaders in the software development and application security space. Our guest is Chenxi Wang, Ph.D., who is Vice President and Principal Analyst at Forrester Research. A leading expert on content security, application security, and vulnerability management, Chenxi leads the …


Ask the Expert - Jeremiah Grossman

This is the first in a series of "Ask the Expert" articles where we chat with leaders in the software and application security space. Our first guest is Jeremiah Grossman who founded WhiteHat Security in August 2001. A world-renowned expert in Web security, Jeremiah is a founder of the Web Application Security Consortium (WASC), and …


Forms Authentication: Remember Me? Its Hard Not Too!

ASP.Net Forms Authentication is a great way to authenticate users for the application. Microsoft has done a really good job at implementing this to make it simple and straightforward for developers. Forms Authentication allows for a user to enter their user name / password combination for an application and have that validated against a backend …


What's the point of application pen testing?

Penetration testing is one of the bulwarks of an application security program: get an expert tester to simulate an attack on your system, and see if they can hack their way in. But how effective is application penetration testing, and what should you expect from it? Gary McGraw in Software Security: Building Security In says …