DEV Community

# appsec

Application security topics beyond the web, including mobile and desktop applications.

Posts

đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.
Why the Variable Name Is the Most Important Feature in Secrets Detection
pgmpofu profile

Why the Variable Name Is the Most Important Feature in Secrets Detection

#machinelearning #python #security #appsec
Comments
8 min read
The 26-Dimensional Feature Vector: How a Machine Learns to Recognise a Secret
pgmpofu profile

The 26-Dimensional Feature Vector: How a Machine Learns to Recognise a Secret

#machinelearning #python #appsec #security
Comments
9 min read
We scanned 50+ MCP servers and found HIGH-severity bugs in Atlassian, GitHub, Cloudflare, and Microsoft — here's what we learned
truong_bui_eaec3f963bbe21 profile

We scanned 50+ MCP servers and found HIGH-severity bugs in Atlassian, GitHub, Cloudflare, and Microsoft — here's what we learned

#mcp #security #llm #appsec
1
Comments 1
4 min read
AI-Powered Security Code Reviews That Actually Work: A Threat-Model-First Methodology
mohamed_aboelkheir profile

AI-Powered Security Code Reviews That Actually Work: A Threat-Model-First Methodology

#appsec #security #ai #cybersecurity
Comments
9 min read
What a Free Security Snapshot Can Tell You — and What It Cannot
stanleya profile

What a Free Security Snapshot Can Tell You — and What It Cannot

#security #webdev #cybersecurity #appsec
Comments
4 min read
Why I Built an ML-Powered Secrets Detector Instead of Just Using Regex
pgmpofu profile

Why I Built an ML-Powered Secrets Detector Instead of Just Using Regex

#security #machinelearning #appsec #python
Comments
8 min read
What Building a SAST Tool Taught Me About AppSec That 13 Years of Software Engineering Didn't
pgmpofu profile

What Building a SAST Tool Taught Me About AppSec That 13 Years of Software Engineering Didn't

#career #security #webdev #appsec
Comments
8 min read
Your Private API is Currently Safe. One Developer Change Away From Unsafe.
bala_paranj_059d338e44e7e profile

Your Private API is Currently Safe. One Developer Change Away From Unsafe.

#security #aws #cloud #appsec
Comments
8 min read
False Positives in SAST — How I Built Suppression Into My Scanner and Why It Matters
pgmpofu profile

False Positives in SAST — How I Built Suppression Into My Scanner and Why It Matters

#appsec #devops #testing #security
Comments
9 min read
Writing Custom SAST Rules for Vulnerabilities Your Scanner Doesn't Cover
pgmpofu profile

Writing Custom SAST Rules for Vulnerabilities Your Scanner Doesn't Cover

#security #appsec #python #tutorial
Comments
8 min read
How I Modelled the OWASP Top 10 Into a YAML Rule Engine
pgmpofu profile

How I Modelled the OWASP Top 10 Into a YAML Rule Engine

#appsec #security #tutorial #python
Comments
8 min read
Introducing a OWASP Game for threat modeling Agentic AI, Cloud, Devops, Frontend, LLM, Automation, and Web
sydseter profile

Introducing a OWASP Game for threat modeling Agentic AI, Cloud, Devops, Frontend, LLM, Automation, and Web

#ai #security #gamedev #appsec
1
Comments 1
10 min read
SnowFROC 2026: Secure Defaults, Real Trust, and a Better Layer on Top
dwayne_mcdaniel profile

SnowFROC 2026: Secure Defaults, Real Trust, and a Better Layer on Top

#security #devops #appsec #cybersecurity
Comments
10 min read
From a Single IP to Exfiltrated Passwords in a PNG: My First Freelance Pentest Engagement
marco_altomare_0e7674642c profile

From a Single IP to Exfiltrated Passwords in a PNG: My First Freelance Pentest Engagement

#cybersecurity #webtesting #webscraping #appsec
Comments
13 min read
60–80% of your CVEs are unreachable. Here's how to prove it.
rjonmshka profile

60–80% of your CVEs are unreachable. Here's how to prove it.

#cybersecurity #typescript #javascript #appsec
1
Comments
4 min read
đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.