Practical AppSec

Software Security's Journey to the Mainstream

Get the Easy Wins, Don’t Hide From the Hard Ones

The Next Evolution of Browser-Based Penetration Testing Kits: OWASP PTK

How to Avoid the AppSec Staffing Crisis in 2023

Resourcefulness as Recourse - Curbing the Weighty Cost of AppSec

The Hot Mess That Is Cybersecurity Staffing

Modern AppSec Means Doing More with Less

Choosing is Confusing: AppSec Tool Maze

Don't wade in alone, AppSec waters are perilous!

A Shortcut to Failure

A Better Vulnerability Mousetrap

Modern AppSec Survival Guide: 5 Tips for Program Success

False Positives VS. False Negatives in Application Security

Risk-based AppSec, But How?

Russia, Cyberattacks, SMBs, and Startups, and You

AppSec Shared Security Model: It Really Is Everyone’s Responsibility

Must See: OWASP PTK Powered Pen Testing

Out of Band Learnings from Log4Shell: Asset Management and Open Source Community Support.

Semgrep: Enabling Just in Time Static Analysis

PracticalAppSec: Secure Design Hits the Big Time

Growing Up AppSec

Efficient AppSec Tooling With Threat Models

SAST: Semgrep Fix Rate Metric Debut

The Universal Translator: DAST’s Ultimate Secret Sauce Keeps Paying Off

Application Security: Shift Left isn’t Enough

An Introduction to Semgrep (SAST)

Report Insights - Snyk's State of Open Source Security 2020

Debut Edition: Using Semgrep SAST to uncover Common JWT Security Flaws