AI-Generated Code: A Pandora's Box of Security Risks?
Introduction AI Software Engineering is here. This isn’t code completion. This isn’t a code generation framework. This is code...
top of page
Hub
Learn about application security from experts & innovators
The HUB at True Positives
- Mar 6
- 3 min
5 Ways an Application Security Value-Added Reseller (AppSecVAR) Saves You Money!
Budget cuts and downsizing are global issues. Understanding how utilizing an AppSecVAR actually saves you time & money.
77 views0 comments
The HUB at True Positives
- Mar 1
- 4 min
The Guide to Conquering Application Security with a Money-Saving Sidekick
You can’t ignore it. It’s too complex to handle alone without inviting disaster - application security
111 views0 comments
Clayton Dewberry
- Jan 19
- 3 min
Software Security's Journey to the Mainstream
It’s 2023. Threats aren’t just a consideration, they are a priority in the software industry. As a result, Product Engineering and DevOps...
60 views0 comments
Evan Oslick
- Jan 17
- 3 min
Get the Easy Wins. Stop Hiding from the Hard Ones.
Balancing priorities between fixing security findings and product impact is a difficult exercise.
20 views0 comments
Brian Pavicic
- Dec 8, 2022
- 5 min
The Next Evolution of Browser-Based Penetration Testing Kits: OWASP PTK
There are far too many competing tools in application security and not enough that are great. One tool aims to rise above them all and has p
440 views0 comments
Brian Pavicic
- Nov 29, 2022
- 5 min
How to Avoid the AppSec Staffing Crisis in 2023
Routes to real progress and success exist beyond outdated and painful hiring practices.
42 views0 comments
Brian Pavicic
- Oct 3, 2022
- 3 min
Modern AppSec Means Doing More with Less
Get tips for stretching your security budget without letting vulnerabilities go unnoticed The Government is Stepping Up Security...
33 views0 comments
Brian Pavicic
- Sep 7, 2022
- 1 min
We have exciting news for the AppSec community!
True Positives unveils enterprise quality AppSec scanning on demand --- starting at FREE. Meet our new AppSec product/service hybrid,...
38 views0 comments
Evan Oslick
- Jul 11, 2022
- 4 min
How to Navigate the Maze of AppSec Tools in 2023
The number of tools for performing various application security tests is increasing at a very rapid rate. We’ve gone from the big...
41 views0 comments
Clayton Dewberry
- Jun 29, 2022
- 3 min
Don't Wade in Alone! AppSec Waters are Perilous!
I enjoy fly fishing, but I’m not that good at it. It’s not my full-time sport, nor my day job, so when I go out for some “fun” it can be...
44 views0 comments
Brian Pavicic
- Jun 23, 2022
- 3 min
The Secret to AppSec Shortcuts
Security scanners are great but only when used properly with a company that truly assesses their own security. Shortcuts can be risky. Read
22 views0 comments
Brook S.E. Schoenfield
- Jun 17, 2022
- 4 min
A Better Vulnerability Mousetrap
EPSS won’t save you from building defenses. But it will help to manage large unpatched vulnerability queues so that the probably dangerous i
103 views0 comments
Brian Pavicic
- May 11, 2022
- 5 min
Modern AppSec Survival Guide: 5 Tips for Program Success
There’s no easy path to success for a modern AppSec program. You’ll absolutely fail if you don’t come prepared and have the right tools...
158 views0 comments
Evan Oslick
- Apr 26, 2022
- 3 min
False Positives VS. False Negatives in Application Security
DAST vs. SAST: Is It Better to Know Too Much or Too Little? “In our new application security program, do we implement static analysis...
53 views0 comments
Brook S.E. Schoenfield
- Apr 21, 2022
- 5 min
Risk-based AppSec, But How?
Risk. Everyone in AppSec or software security talks about it. Pundits advise that we base our decisions on it. AppSec manuals demand that...
191 views0 comments
Brian Pavicic
- Mar 29, 2022
- 5 min
AppSec Shared Security Model: It Really Is Everyone’s Responsibility
Good AppSec really is everyone’s responsibility, from server side to users, cloud owners and platforms. Explore the shared security model he
45 views0 comments
Brook S.E. Schoenfield
- Jul 13, 2021
- 5 min
Growing Up AppSec
True Positives is excited to announce that Brook S.E. Schoenfield has joined the firm to lead our AppSec Assurance Strategy service. His...
41 views0 comments
Brian Pavicic
- Nov 29, 2020
- 3 min
Semgrep Puts Real Time Vulnerability Scans in Developers’ Hands
Discover how our partner r2c is reducing cost, time, and headaches in static testing The State of Static Application Security Testing...
41 views0 comments
The HUB at True Positives
- Nov 6, 2020
- 4 min
Application Security: Shift Left isn’t Enough
In Application Security the focus is always on Shift Left. The theory goes that the sooner the teams can identify vulnerable code, the quick
45 views0 comments
Our Monthly Newsletter, PracticalAppSec!
Hone your AppSec SuperPowers with tips and tricks to tighten security and manage your budget, and so much more!
bottom of page