Insights on product security testing, real-world vulnerabilities, and protecting modern applications — including AI/MCP attack surfaces.
The OpenClaw incident proved that AI agent skills can be weaponized as malware delivery channels. Here's what happened, why it mirrors the npm supply chain crisis, and what to do about it.
2026-02-06 · Appsecco
In 2004, SQL injection was poorly understood and input validation was ad-hoc. In 2026, prompt injection is the same story — except the blast radius is bigger.
2026-02-06 · Appsecco
Gartner says 40% of enterprise apps will feature AI agents by end of 2026. Only 6% of organizations have an advanced AI security strategy. The math doesn't work.
2026-02-06 · Appsecco
A real-world incident cost a developer $100 through an image-based prompt injection targeting an MCP tool. Here's what happened, why it matters, and how we test for it.
2026-02-06 · Appsecco
--
2024-03-26 · 6 following
--
2023-11-16 · Appsecco
112
2023-11-08 · Appsecco
8
2023-08-09 · Mastodon
5
2023-07-18 · Appsecco
35
2023-05-29 · Appsecco
8
2023-05-18 · Appsecco
7
2023-05-08 · 6 following
23
2023-05-03 · Mastodon
Member-only story
2023-02-22 · Appsecco
Member-only story
2023-02-21 · Appsecco
162
2023-02-09 · Appsecco
Davos 2023: Experts call for a global response to the gathering 'cyber storm'
2023-01-19 · Appsecco
10
2022-11-09 · Appsecco
The Big Uber Hack - what can we learn from the incident?
2022-11-09 · Appsecco
Hacking apps using NoSQL Injection
2022-10-13 · Appsecco
3
2022-10-11 · 1 following
Nullcon 2022: Tech Talks Compilation 2
2022-09-28 · Appsecco
Nullcon 2022: Tech Talks Compilation 1
2022-09-26 · Appsecco
Nullcon 2022 : Winning Friends, Meeting teams, Pwning Apps
2022-09-12 · Appsecco
36
2022-07-05 · Appsecco
47
2022-06-23 · Appsecco
19
2022-06-02 · Appsecco
66
2022-05-19 · Appsecco
My 1 year @ Appsecco and to many more
2021-12-28 · Appsecco
Security Guidance for Apache Log4j (CVE-2021–44228)
2021-12-14 · Appsecco
4
2021-12-14 · Appsecco
20
2021-06-10 · Appsecco
Hacker Days: Understanding AWS cloud attacks using CloudGoat
2021-06-10 · Appsecco
156
2021-04-14 · Appsecco
13
2021-04-09 · Appsecco
209
2021-04-06 · Appsecco
AllDayDevOps Virtual Viewing Party at Appsecco
2020-11-10 · Appsecco
2
2020-11-10 · 1 following
10
2020-09-23 · Appsecco
65
2020-08-25 · Appsecco
48
2020-06-03 · Appsecco
My experience as an intern learning about DevSecOps
2020-05-04 · Akash and
175
2020-04-08 · Riyaz’s
Microservices Authorization using Open Policy Agent and Traefik (API Gateway)
2020-04-07 · Appsecco
372
2020-04-05 · Appsecco
100
2020-04-02 · Appsecco
220
2020-01-16 · Appsecco
13
2020-01-02 · Appsecco
2
2019-12-31 · Appsecco
18
2019-12-18 · 1 following
95
2019-12-06 · Appsecco
115
2019-11-25 · Appsecco
21
2019-09-18 · Appsecco