Application Security

Techniques for securing applications through code review, SAST/DAST tooling, dependency scanning, and embedding security into the development lifecycle.

DevOpsDataEngineeringGenerativeAIReliabilityMachineLearningAIInfrastructureCI/CDFrontendEngineeringMicroservicesCloudSecurityDeveloperExperienceDevSecOpsCloudArchitectureCloudNativeEvent-DrivenObservabilitySecurityArchitectureAIGovernanceAPIDesignApplicationSecurityCloudMigrationComplianceCostOptimizationDataGovernanceLegacyModernizationServerlessWebPerformanceDataArchitectureDeploymentStrategyDesignSystemsIncidentResponseInfrastructureasCodeKubernetesNLPPlatformEngineeringSystemDesignTestingStrategyAIAgentsAICostOptimizationDataQualityDataSecurityDataStorageEdgeComputingIdentityManagementMulti-CloudRealTimeDataSupplyChainSecurityAnalyticsAnalyticsEngineeringDataPrivacyDatabaseMigrationDesignTokensDisasterRecoveryE-CommerceFinOpsGitOpsProgressiveWebAppsServiceMeshThreatModeling
Application Security API Design

API Security: What Your WAF Can't See

Traditional WAFs cannot protect against broken object-level authorization, your largest API attack surface.

Read Article →
Supply Chain Security DevSecOps

Software Supply Chain Security

Running npm audit is not a software supply chain security program. Modern applications are mostly third-party code.

Read Article →
DevSecOps Application Security

Shift-Left Security: Workflows, Not Just Scanners

Adding more SAST tools to the CI pipeline doesn't shift security left. It shifts friction left.

Read Article →
Threat Modeling Application Security

Threat Modeling for Engineering Teams: STRIDE in Practice

Security checklists applied after deployment are painful roadblocks. Threat modeling is a design review that catches …

Read Article →