Hacker News
- A framework to securely use LLMs in companies – Part 1: Overview of Risks https://boringappsec.substack.com/p/edition-21-a-framework-to-securely 25 comments
- Tools & Info for Sysadmins - AppSec Blog, PowerShell Training, Uptime Monitor & More https://boringappsec.substack.com/ 4 comments sysadmin
- A simple, high-level framework on how & when to effectively use WAFs https://boringappsec.substack.com/p/edition-14-to-waf-or-not-to-waf 16 comments netsec
- Trying something new. Starting today, will try and write a primer on SAST for the next 4 weeks. Today's edition is an overview of what SAST is and why we need it. https://boringappsec.substack.com/p/edition-11-appsec-primer-sast-part 4 comments netsec
- As a consultant (past) and product security person (current), I have often seen teams struggle with build v/s buy decisions. Here, I take a crack at making the decision making simpler https://boringappsec.substack.com/p/edition-9-a-build-vs-buy-framework 19 comments netsec
- Edition 8 talks about measurable alternatives to AppSec training (bonus: a mini-rant on AppSec standards) https://boringappsec.substack.com/p/edition-8-to-train-or-not-to-train 6 comments netsec
- Scaling AppSec programs is hard. Leveraging existing systems/initiatives from the rest of the org can help https://boringappsec.substack.com/p/edition-7-using-force-multipliers 14 comments netsec
- AppSec measurements are riddled with vanity metrics that don't tell us much. The latest edition talks about metrics that may work. https://boringappsec.substack.com/p/edition-6-top-4-appsec-metrics-and 17 comments netsec
- A new AppSec newsletter (5 editions old) focusing on timeless AppSec topics https://boringappsec.substack.com/ 4 comments netsec