Security Engineer Interview Questions: What is XXE?
We’re creating a super-useful series called Security Engineer interview questions, where we dive into real-world interview questions on…
Jan 29, 2021

TL;DR on the AWS Lambda Security Overview
AWS recently released a whitepaper on the Security Overview of Lambda. This document is meant to be an in-depth look at Lambda Security…
Jan 26, 2021

Seven Deadly Sins of Container Security — Part 1
This video is AppSecEngineer’s Part 1 of Seven Deadly Sins of Container Security. These specifically refer to 7 different mistakes that…
May 22, 2019

InfoSec is a lot like Stand-up Comedy
I have been in InfoSec since 2008. I started extensively presenting at conferences and events from 2014 or so (when I felt I had something…
Nov 15, 2018

A Guided Tour of the AWS Key Management Service (KMS)-as-Code
I started doing PCI-DSS Audit work in 2008 (yes I know). Since then, PCI-DSS has always had “Requirement 3”, a PCI-DSS set of security…
Published in AppSecEngineer, Nov 12, 2018

DynamoDB Injection
I have been developing a bunch of serverless apps and experimenting with serverless security for our (we45’s) work in Pentesting and for…
Published in AppSecEngineer, Jun 28, 2018

HOWTO: Amazon Inspector with Terraform
I have been playing around with Terraform for the last 2 months or so, and I really enjoy working on it. The entire approach to…
Published in AppSecEngineer, Jun 15, 2018

Integrating E2E and Application Security Testing: HOWTo with NightwatchJS and OWASP ZAP
The Problem
Apr 16, 2018