I’m a software developer, and I’ve been using the same computer for over 10 years.

It's an IBM ThinkPad X41 Tablet (2nd gen). It runs Linux Mint 17.3 MATE Edition with Cinnamon 2.8 as its desktop environment. The laptop is old, but it still works great! The only problem is that the ...

I’m a newbie to the world of web development.

I have no idea what I'm doing, but that's okay because it's fun! I've been working on an app for about two months now. It started out as just me messing around with some code and seeing if I could ge ...

I have a new job, I’m no longer working on the game.

If you want to keep playing it, go ahead https://t.co/HmlWT1DJVo ...

I’m a software engineer, currently working on the Google+ team.

I've worked on various parts of Google+, including the home stream, notifications, and search. I was born in Stuttgart (Germany) but grew up in San Diego (California). My parents are both computer sc ...

SAST tools are not designed for API-centric applications and as such do not work well on them.

WAFs can’t protect APIs, but they try anyway

Web Application Firewalls (WAFs) have been around since the early 2000s when OWASP released their first Top 10 list of web application vulnerabilities. ...

SAST tools are not designed for API-centric applications and so do not work well on them.

APIs Are Not Web Applications — They’re Microservices!

The other problem with SAST is that it was designed to be used against monolithic web applications, which have a single entry point (typically ...

SAST tools are not designed for API-centric applications and therefore have a higher false positive rate.

API Security Testing is more complex than SAST

SAST works by examining the source code of an application to determine where it may be vulnerable to external attack, but this does not take into accoun ...

SAST tools are not designed for the unique data flow of APIs

SAST is too slow to be effective on API-centric applications

The second problem with SAST is that it’s just too slow.

The typical approach to a web application vulnerability assessment involves scanning the codebase, creating a model and then running this against an automated scanner such as Burp Suite or ZAP. This p ...
