Forem

# appsec

Application security topics beyond the web, including mobile and desktop applications.

Posts

đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.
Writing Custom SAST Rules for Vulnerabilities Your Scanner Doesn't Cover
pgmpofu profile

Writing Custom SAST Rules for Vulnerabilities Your Scanner Doesn't Cover

#security #appsec #python #tutorial
Comments
8 min read
How I Modelled the OWASP Top 10 Into a YAML Rule Engine
pgmpofu profile

How I Modelled the OWASP Top 10 Into a YAML Rule Engine

#appsec #security #tutorial #python
Comments
8 min read
Best Snyk Alternatives in 2026: Which AppSec Tool Should You Choose?
Cover image for Best Snyk Alternatives in 2026: Which AppSec Tool Should You Choose?
alexcybersmith profile

Best Snyk Alternatives in 2026: Which AppSec Tool Should You Choose?

#snyk #appsec #cybersecurity #devsecops
2
Comments 1
12 min read
SnowFROC 2026: Secure Defaults, Real Trust, and a Better Layer on Top
Cover image for SnowFROC 2026: Secure Defaults, Real Trust, and a Better Layer on Top
dwayne_mcdaniel profile

SnowFROC 2026: Secure Defaults, Real Trust, and a Better Layer on Top

#security #devops #appsec #cybersecurity
Comments
10 min read
From a Single IP to Exfiltrated Passwords in a PNG: My First Freelance Pentest Engagement
Cover image for From a Single IP to Exfiltrated Passwords in a PNG: My First Freelance Pentest Engagement
marco_altomare_0e7674642c profile

From a Single IP to Exfiltrated Passwords in a PNG: My First Freelance Pentest Engagement

#cybersecurity #webtesting #webscraping #appsec
Comments
13 min read
60–80% of your CVEs are unreachable. Here's how to prove it.
Cover image for 60–80% of your CVEs are unreachable. Here's how to prove it.
rjonmshka profile

60–80% of your CVEs are unreachable. Here's how to prove it.

#cybersecurity #typescript #javascript #appsec
1
Comments
4 min read
What AppSec Engineers Actually Do (and Why It Matters)
mohamed_aboelkheir profile

What AppSec Engineers Actually Do (and Why It Matters)

#appsec #cybersecurity #security #design
Comments
7 min read
If Your Security Scanner Can't See Attack Chains, You're Flying Blind
eldor_zufarov_1966 profile

If Your Security Scanner Can't See Attack Chains, You're Flying Blind

#devsecops #appsec #cybersecurity #fintech
Comments
5 min read
What Government Data Breaches Teach Us About Access Control
Cover image for What Government Data Breaches Teach Us About Access Control
logiqode profile

What Government Data Breaches Teach Us About Access Control

#security #appsec #devops #typescript
Comments
5 min read
Secure System Design -- 14 Challenges
fosres profile

Secure System Design -- 14 Challenges

#security #appsec #cloudsec #opensource
Comments
31 min read
From LOW to CRITICAL: How a 5-Step Vulnerability Chain Goes Undetected by Flat Scanners
eldor_zufarov_1966 profile

From LOW to CRITICAL: How a 5-Step Vulnerability Chain Goes Undetected by Flat Scanners

#security #appsec #vulnerabilities #devops
Comments
3 min read
Are You Still Checking Binary Hardening by Hand? I Built bincheck in Rust
Cover image for Are You Still Checking Binary Hardening by Hand? I Built bincheck in Rust
kazu11max17 profile

Are You Still Checking Binary Hardening by Hand? I Built bincheck in Rust

#rust #security #appsec #devops
Comments
2 min read
Execute First, Ask Never: A Vulnerability in snyk-agent-scan
Cover image for Execute First, Ask Never: A Vulnerability in snyk-agent-scan
pachilo profile

Execute First, Ask Never: A Vulnerability in snyk-agent-scan

#agents #ai #appsec #mcp
2
Comments
8 min read
From Alert Lists to Exploit Graphs: How Auditor Core Changes the Security Calculus
eldor_zufarov_1966 profile

From Alert Lists to Exploit Graphs: How Auditor Core Changes the Security Calculus

#cybersecurity #appsec #architecture #devsecops
Comments
5 min read
Subdomain Takeover is Not Just Phishing: How Acronis Nearly Lost Authenticated API Access
bala_paranj_059d338e44e7e profile

Subdomain Takeover is Not Just Phishing: How Acronis Nearly Lost Authenticated API Access

#security #aws #cloud #appsec
Comments
6 min read
đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.