Articles by Tag #appsec
Browse our collection of articles on various topics related to IT technologies. Dive in and explore something new!
Password Generator Challenge
Password Generator Challenge ⚡ Skip to Exercise A Bad Random Generator Causes...
OWASP® Cornucopia 2.2 & Copi - A Game Engine for OWASP® Cornucopia Threat Modeling
The pandemic drove a considerable increase in fully remote teams, which made card games quite...
JWT Token Validator Challenge
⚡ Skip to Exercise: Download Files | View Challenge | Get Started The $3 Billion Session...
OWASP Top 10 2025 Quiz: Week 1 (51 Questions)
OWASP Top 10 2025 Quiz: Are You Interview-Ready? Time to complete: 90-120...
Week 4 Scripting Exercise: Analyze HTTP Response Headers
Build a Python tool to scrape security-relevant information from websites - HTTP headers, cookies, server versions, security configurations. A practical exercise from Grace Nolan's Security Engineering Interview Notes.
API Request Limiter Challenge
You've written rate limiters before. But have you written one secure enough to protect millions of...
SQL Injection Audit Challenge Week 1
Master SQL Injection Detection: 15 Real-World Exercises for AppSec Engineers The...
VPN Log Analyzer: Detect Brute Force, Session Hijacking & Credential Stuffing (100 Tests) 🔐
Interview-ready Python security tool that passed 100/100 test cases. Grace Nolan interview prep + 100 test files included!
OWASP Top Ten 2025 Quiz 2 Week 1 (51 Questions)
51 Questions That Will Prepare You For Your AppSec Phone Interview The following questions...
Unpacking Application Security: A Comprehensive Threat Modeling Guide
In the fast-paced world of software development, building features quickly often takes precedence....
I launched an automated App & API security platform. What would make you rely on it continuously?
Hi community! I recently launched ZeroThreat.ai, a platform focused on continuous application and...
🔍 Applying Flawfinder: A Lightweight SAST Tool to Secure C/C++ Codebases
Introduction: Why SAST for C/C++? Static Application Security Testing (SAST) is a foundational...
Applying Bandit SAST Tool to Secure Python Applications
Why Bandit for Python Security? Bandit is an open-source SAST tool developed by the...
Week 6 Scripting Challenge: Build a TLS Certificate Security Validator
Master the 20-point security checklist browsers use to validate every HTTPS certificate - then build your own validator!
🔐 AppSec desde los Protocolos: Cómo HTTP, Cookies y CORS Definen tu Superficie de Ataque
En la transición de un rol de desarrollo puro hacia AppSec o DevSecOps, el cambio más importante no...
🧭 Dominando el OWASP Top 10 (Edición 2025): El Plano de Seguridad para la Próxima Generación
En el mundo del desarrollo moderno, la seguridad no es un destino, sino un proceso de mejora...
Secure file upload validation in .NET: A layered approach
I thought file uploads were simple… until I saw how often they aren't. This article shows a...
Global Product Security Strategy: A Multi-Layered Framework (I.P. developed)
Below is a comprehensive, multi-layered strategy framework designed to be presented to top...
Fundamentos de AppSec: Protegiendo el Corazón de tus Aplicaciones
Como ingenieros de software, estamos acostumbrados a construir funcionalidades que simplemente...
How to pass the OWASP MASVS verification by design
In Admincontrol, both our Android app and our IOS app just passed the MASVS 2.0...
OWASP Cornucopia Companion Edition
At OWASP Cornucopia we have long stated that we will create more decks, and now we...
Why Modern AppSec Needs Location-Aware Security Testing
Application security has matured significantly. Teams now scan continuously, integrate security into...
Strategic Security: New Features from 3Mór
Why Strategy Matters in Security At 3Mór, we're guided by our namesake, the...
9 Free Web App Vulnerability Scanners You Should Know in 2025
Web apps are constantly under threat, and it’s not just big enterprises that are at risk. Whether...
Does the AI do the threat modeling of your software?
Are you letting the AI do the threat modeling for you? There is no need to let the machines...
Version 2.3 of OWASP Cornucopia has been released!
Threat modeling your AI models using...
Are you letting the AI do the threat modeling?
Does the AI do the threat modeling? ...
Login Page for Modern Applications
This short note might not align with someone's opinion or the reality at the time of reading I am...