7 Features that make ZAP Great for Application Security Testing
The Zed Attack Proxy (ZAP) is one of the most widely-used open source tools for dynamic application security testing (DAST). […]
August 13, 2020
5 Mistakes to Avoid in Enterprise Security Management
A lot of organisations think of Enterprise Security Management like a bad roommate — can’t live with ‘em, can’t live […]
August 6, 2020
Top 10 Security Risks In Serverless
How does security work in Serverless? When you go serverless, it’s the serverless provider (eg. AWS lambda, Google Cloud Functions […]
July 27, 2020
The AppSec Skill Gap and what we’re doing to Fix it!
If you had told anyone about 30 years ago that there would be a way for anyone in the world […]
April 30, 2020
Why Development and Security Teams need Holistic Learning
One of the primary causes that hinder effective application security in organisations, is the rift between development (engineering) and security […]
April 17, 2020
Perils of Local File Inclusion in File Download
Local File Inclusion (LFI) is a flaw that allows an attacker to disclose or execute files that are already present […]
January 6, 2020
Progressions in our AppSec Testing
We’ve reached a point in time when personas identify differences between “pentesting” and “pen-testing”….and rightfully so. While the actual merit […]
November 7, 2019
Thoughts on Using and Scaling Threat Modeling
Some of my pet peeves with Threat Modeling, as its currently done by a lot of organisations out there: Threat […]
November 4, 2019
5 Talks You Must Attend at AppSecDay, Melbourne
Early next month, OWASP AppSec Day is set to kick off at the Melbourne Convention Exhibition Centre (Goldfields Theatre). Australia’s […]
October 11, 2019
Modern DevSecOps Toolchain: Role of an IAST
Adding automation to accelerate the shipment of code is one of the goals of the DevOps movement. However, this speed […]