AppSec Observer: DevOps (5)

The latest trends and tips in DevSecOps through instrumentation and security observability. Learn about real-world insight and “in-the-trenches” experiences on topics ranging from application and information security to DevOps and risk management.

A New, Open Source Tool Proves: Even After Patching, Deserializing Will Still Kill You

With all the talk about Java serialization vulnerabilities, I thought I'd share a new, open source tool I built for you..

The Fast, Free, Fantastic Way to Find Cross-Site Scripting (XSS)

What Is XSS? Cross-site scripting (XSS) is really pretty simple. Any time untrusted data ends up in an HTML page without..

The 10 Most Important Security Controls Missing in JavaEE

JavaEE has some excellent built-in security mechanisms, but they don’t come close to covering all the threats that your..

Five Application Security New Year's Resolutions Every Developer Can Make

New Year's Resolutions can be tricky, and advice abounds on how you can do a better job at keeping them. For the sake..

Automating AppSec

As developers, we have tools that we use every day to make ourselves more efficient. We use tools like Maven for..