Abhay Bhargav (@abhaybhargav) 's Twitter Profile
Abhay Bhargav

@abhaybhargav

AppSec Expert with over 15 yrs of experience | Author of 2 books and Black Hat Trainer | Building the world's best Security Training Platform, @AppSecEngineer

ID: 24335220

Website: https://appsecengineer.com | Joined: 14-03-2009 05:25:59

9.9K Tweets

6.6K Followers

650 Following

Abhay Bhargav (@abhaybhargav) 's Twitter Profile Photo

"We believe that using the tools is easier than training or threat modeling," said the AppSec head of an org that I know, from experience, has constantly had epic fails on security. Yet they're doubling down on a losing strategy. Buy expensive 💩, and hope the problems that they


A young colleague of mine asked me today, "I fear AI will replace my job in the near future. What's your perspective on this? And what would you advise me to be immune to this?" This is hitting people, and rightfully so. I work with AI and build things on AI every day and I am


Security interchange formats that can help you standardize vulnerability management and exchange it across multiple diverse systems:

SARIF - Static Analysis Results Interchange Format. Used for SAST, SCA

VEX - Vulnerability EXchange. Provides context about whether a
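The two formats named in the tweet are meant to be consumed together: SARIF carries what a scanner found, VEX carries what the product owner knows about exploitability. The block below is an added example (not the tweet author's code) that flattens a SARIF 2.1.0 run into plain findings, indexes OpenVEX statements by vulnerability, and marks a finding non-actionable only when a VEX statement with status `not_affected` or `fixed` is scoped to the product being triaged. The SARIF and VEX documents, the tool name `example-sca`, the rule IDs `EXAMPLE-VULN-1`/`EXAMPLE-VULN-2` and the package URL `pkg:pypi/example-app@1.0.0` are all constructed sample data, not real identifiers.

```python
"""Added example: triage SARIF findings against VEX statements (constructed data)."""
import json

# Constructed SARIF 2.1.0 document from a hypothetical SCA tool (not real findings).
SARIF_DOC = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-sca", "rules": [
            {"id": "EXAMPLE-VULN-1", "shortDescription": {"text": "Unsafe deserialization in libfoo"}},
            {"id": "EXAMPLE-VULN-2", "shortDescription": {"text": "Path traversal in libbar"}},
        ]}},
        "results": [
            {"ruleId": "EXAMPLE-VULN-1", "level": "error",
             "message": {"text": "libfoo 1.2.3 is vulnerable"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "requirements.txt"},
                 "region": {"startLine": 4}}}]},
            {"ruleId": "EXAMPLE-VULN-2", "level": "warning",
             "message": {"text": "libbar 0.9 is vulnerable"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "requirements.txt"},
                 "region": {"startLine": 7}}}]},
        ],
    }],
})

# Constructed OpenVEX document: the product owner asserts EXAMPLE-VULN-1 is not
# reachable in this product. IDs and URLs are placeholders.
VEX_DOC = json.dumps({
    "@context": "https://openvex.dev/ns/v0.2.0",
    "@id": "https://example.invalid/vex/1",
    "author": "example product security",
    "timestamp": "2024-01-01T00:00:00Z",
    "version": 1,
    "statements": [{
        "vulnerability": {"name": "EXAMPLE-VULN-1"},
        "products": [{"@id": "pkg:pypi/example-app@1.0.0"}],
        "status": "not_affected",
        "justification": "vulnerable_code_not_in_execute_path",
    }],
})

# VEX statuses that mean "no action needed right now".
SUPPRESSING_STATUSES = {"not_affected", "fixed"}


def parse_sarif(text):
    """Flatten SARIF results into plain dicts, one per (result, location)."""
    doc = json.loads(text)
    findings = []
    for run in doc.get("runs", []):
        rules = {r["id"]: r for r in run["tool"]["driver"].get("rules", [])}
        for res in run.get("results", []):
            rule = rules.get(res.get("ruleId"), {})
            for loc in res.get("locations") or [{}]:
                phys = loc.get("physicalLocation", {})
                findings.append({
                    "rule_id": res.get("ruleId"),
                    "title": rule.get("shortDescription", {}).get("text", ""),
                    "level": res.get("level", "warning"),  # SARIF default level
                    "message": res["message"]["text"],
                    "uri": phys.get("artifactLocation", {}).get("uri"),
                    "line": phys.get("region", {}).get("startLine"),
                })
    return findings


def parse_vex(text, product_id):
    """Index OpenVEX statements by vulnerability name, keeping only those
    whose 'products' list names product_id. A statement about a different
    product must never suppress a finding in this one."""
    doc = json.loads(text)
    return {s["vulnerability"]["name"]: s
            for s in doc.get("statements", [])
            if any(p.get("@id") == product_id for p in s.get("products", []))}


def triage(sarif_text, vex_text, product_id="pkg:pypi/example-app@1.0.0"):
    """Annotate each SARIF finding with its VEX status and whether it is actionable."""
    statements = parse_vex(vex_text, product_id)
    triaged = []
    for f in parse_sarif(sarif_text):
        stmt = statements.get(f["rule_id"])
        status = stmt["status"] if stmt else "no_vex_statement"
        f["vex_status"] = status
        f["vex_justification"] = stmt.get("justification") if stmt else None
        f["actionable"] = status not in SUPPRESSING_STATUSES
        triaged.append(f)
    return triaged


if __name__ == "__main__":
    for f in triage(SARIF_DOC, VEX_DOC):
        flag = "ACTION" if f["actionable"] else "suppressed"
        print(f"{flag:10} {f['rule_id']} {f['uri']}:{f['line']} [{f['vex_status']}] {f['message']}")
```

Two design points worth keeping when this grows into a real pipeline: the product scope check in `parse_vex` is what stops a VEX document for one build from silently suppressing findings in another, and `under_investigation`/`affected` are deliberately left actionable so a finding only disappears from the queue when someone has positively said it does not apply.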

Security unit tests are an extremely underrated way to achieve great Application Security.

* Can be used to test cases of AuthN and AuthZ at great speed
* Can be used to verify simple controls in the pipeline without DAST/IAST
* Can be used to test and verify policy-as-code and IaC
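As an added example of the AuthZ point (not the tweet author's code): a hypothetical role-and-ownership `authorize` function, a deliberately buggy `authorize_vulnerable` that checks the role but forgets ownership, and a test matrix that encodes the access-control policy one row per rule. Running the matrix against both functions shows it catching the IDOR/BOLA class of bug in milliseconds, with no DAST/IAST and no running application. The users, documents, roles and action names are constructed for the example.

```python
"""Added example: security unit tests for authorization (constructed app and data)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    id: int
    role: str


@dataclass(frozen=True)
class Document:
    id: int
    owner_id: int


# Role -> permitted actions. Anything not listed is denied (default deny).
ROLE_ACTIONS = {
    "viewer": {"read"},
    "editor": {"read", "write"},
    "admin": {"read", "write", "delete"},
}


def authorize(user, action, doc):
    """Hardened check: the role must grant the action AND the caller must be
    an admin or the document's owner."""
    if action not in ROLE_ACTIONS.get(user.role, set()):
        return False
    if user.role == "admin":
        return True
    return doc.owner_id == user.id


def authorize_vulnerable(user, action, doc):
    """Buggy variant: role is checked, object ownership is not (IDOR/BOLA)."""
    return action in ROLE_ACTIONS.get(user.role, set())


# Constructed fixtures.
ALICE = User(1, "editor")
BOB = User(2, "viewer")
ROOT = User(3, "admin")
GHOST = User(4, "")            # account with no role at all
ALICE_DOC = Document(10, owner_id=1)
BOB_DOC = Document(11, owner_id=2)

# Policy matrix: (case, user, action, document, expected decision).
# Each row is one access-control rule, so a failing row names the broken rule.
AUTHZ_MATRIX = [
    ("owner_can_read_own",            ALICE, "read",   ALICE_DOC, True),
    ("editor_can_write_own",          ALICE, "write",  ALICE_DOC, True),
    ("editor_cannot_delete_own",      ALICE, "delete", ALICE_DOC, False),
    ("idor_editor_reads_others_doc",  ALICE, "read",   BOB_DOC,   False),
    ("idor_editor_writes_others_doc", ALICE, "write",  BOB_DOC,   False),
    ("viewer_cannot_write",           BOB,   "write",  BOB_DOC,   False),
    ("admin_can_delete_any",          ROOT,  "delete", ALICE_DOC, True),
    ("unknown_role_denied",           GHOST, "read",   ALICE_DOC, False),
    ("unknown_action_denied",         ROOT,  "export", ALICE_DOC, False),
]


def run_authz_matrix(check):
    """Run every row against 'check'; return the names of rows whose
    decision differs from the expected one (empty list means all pass)."""
    return [name for name, user, action, doc, expected in AUTHZ_MATRIX
            if check(user, action, doc) is not expected]


if __name__ == "__main__":
    print("hardened  :", run_authz_matrix(authorize) or "all rows pass")
    print("vulnerable:", run_authz_matrix(authorize_vulnerable))
```

The matrix is the asset here: it is cheap to extend every time a new role or object type lands, it runs on every commit, and the negative rows (the `idor_*` and `unknown_*` cases) are the ones scanners routinely miss because they require knowing who should not have access.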


A less discussed aspect of being a great Security Architect is this:

Can you build security into the architecture with it being easy to modify as the system scales or changes?

So many overengineered and unmaintainable security implementations come from the absence of this

Team's been working on a bunch of AI pentesting, red-teaming, Threat Modeling and Security Architecture review engagements. Real talk: GenAI products are very probabilistic and while they can be security tested, I think it's much more useful doing a Threat Model + Security


"We weren't aware of the depth of this issue"

I have spoken to 4 customers this week. Each of them has gone "full steam ahead" on AI initiatives.

They've implemented custom models, fine-tuned existing ones. Implemented inference interfaces with Agentic and non-Agentic RAG,

I am such a South Indian boy. I’ve tried magnesium, melatonin gummies, and everything under the sun to help me sleep better and turns out that the best sleep I get, is after I eat some curd rice


Aah, the wonderful security theater of Indian banks.

They'll disable copy-paste for password and break password managers.

But....

they'll transmit financial transactions in cleartext 😬

As I have been saying repeatedly: all your devs are code reviewers. And they need to especially review this code for security


I don't work much with MSFT products. But I've recently been working with the Graph API and find that it's pretty good. A single unified API across most (if not all) MSFT cloud products. Even the access control params seem a little more manageable. Atypical for Microsoft