Tags

Following is a list of relevant tags:

AI

• I Asked Claude to write a feature. It introduced two security bugs. Now what?
• Langgraph notes on state and memory
• Prompt injection isn't a bug. It's the architecture.
• Random Thoughts on AppSec Challenges in 2026
• Thoughts on AI and the future of AppSec
• Threat Modeling in the Age of AI — Time to Rethink the Process

AWS

• Deploy Django to AWS Elastic Beanstalk

AppSec

• Application L7 Denial-of-Service attacks
• Automated Rapid7 reports with python
• Azure DevOps versioning
• Detect hardcoded secrets using Github actions
• Detect open source vulnerabilities in Gradle projects with Github actions
• DevSecOps: Dynamic Security Analysis with nuclei
• Github GraphQL for AppSec metrics
• How to choose the right SAST and SCA tools
• I Asked Claude to write a feature. It introduced two security bugs. Now what?
• Product security logging basics
• Prompt injection isn't a bug. It's the architecture.
• Random Thoughts on AppSec Challenges in 2026
• Security templates in Azure DevOps
• Security? I develop an internal application!
• Start your Security Champions program (part 1)
• Thoughts on AI and the future of AppSec
• Threat Modeling in the Age of AI — Time to Rethink the Process
• What I've learned (so far) by threat modeling with teams across Europe

Architecture

• Application L7 Denial-of-Service attacks

Certifications

• Experiences and lessons from holding a ISC2 CSSLP certification

Conferences

• Black Hat 2025 and DEFCON 33 debriefing
• Preparing for Black Hat and DEFCON 2025

Cybercrime

• Injecting javascript for profit: How to detect and stop skimmers

Cybersecurity

• Application L7 Denial-of-Service attacks
• Basic email security analysis
• Black Hat 2025 and DEFCON 33 debriefing
• Preparing for Black Hat and DEFCON 2025
• Zenmap & Nmap Parser

DevSecOps

• Azure DevOps versioning
• I Asked Claude to write a feature. It introduced two security bugs. Now what?
• Random Thoughts on AppSec Challenges in 2026
• Security templates in Azure DevOps
• Threat Modeling in the Age of AI — Time to Rethink the Process
• What I've learned (so far) by threat modeling with teams across Europe

Github

• Detect hardcoded secrets using Github actions
• Detect open source vulnerabilities in Gradle projects with Github actions
• Github Advisory database
• Github GraphQL for AppSec metrics

LLM Security

• Prompt injection isn't a bug. It's the architecture.

Langgraph, Langchain

• Langgraph notes on state and memory

Prompt Injection

• Prompt injection isn't a bug. It's the architecture.

Secure Coding

• I Asked Claude to write a feature. It introduced two security bugs. Now what?

Supply Chain

• Random Thoughts on AppSec Challenges in 2026

Threat Modeling

• Random Thoughts on AppSec Challenges in 2026
• Threat Modeling in the Age of AI — Time to Rethink the Process
• What I've learned (so far) by threat modeling with teams across Europe

Workshops

• What I've learned (so far) by threat modeling with teams across Europe