AppSec Blog

Different ways of looking at security bugs

When a development team first starts to take application security seriously, they'll end up with a list (probably a long list) of security bugs. It's useful to look at security bugs in different ways.

Design Flaws vs. Implementation Bugs

The first is to ask where each bug comes from - is it an architectural or …


Ask the Expert - Nick Galbreath

Nick Galbreath is director of engineering at Etsy, overseeing groups handling fraud, security, authentication and internal tools. Over the last 18 years, Nick has held leadership positions at a number of social and e-commerce companies, including Right Media, UPromise, Friendster, and Open Market, and has consulted for many more. He is the author of "Cryptography …


Ask the Expert - Chenxi Wang

This is the second in a series of "Ask the Expert" articles where we chat with leaders in the software development and application security space. Our guest is Chenxi Wang, Ph.D., who is Vice President and Principal Analyst at Forrester Research. A leading expert on content security, application security, and vulnerability management, Chenxi leads the …


Ask the Expert - Jeremiah Grossman

This is the first in a series of "Ask the Expert" articles where we chat with leaders in the software and application security space. Our first guest is Jeremiah Grossman who founded WhiteHat Security in August 2001. A world-renowned expert in Web security, Jeremiah is a founder of the Web Application Security Consortium (WASC), and …


Forms Authentication: Remember Me? Its Hard Not Too!

ASP.Net Forms Authentication is a great way to authenticate users for the application. Microsoft has done a really good job at implementing this to make it simple and straightforward for developers. Forms Authentication allows for a user to enter their user name / password combination for an application and have that validated against a backend …