Appsec still deals with ancient vulns like SQL injection and XSS. And now LLMs are generating code alongside humans. Sandy Carielli and Janet Worthington join us once again to discuss what all this new code means for appsec practices. On a positive note, the prevalence of those ancient vulns seems to be diminishing, but the rising use of LLMs is e...
Attackers aren’t breaching firewalls — they’re slipping instructions into prompts. Here’s why OWASP named prompt injection the top GenAI risk, and what it means for security teams.
You can’t patch prompt injection, but you can outsmart it. OWASP’s latest guidance lays out a layered defense strategy for building safer, more resilient GenAI applications.
Manual secure code reviews can be tedious and time-intensive if you're just going through checklists. There's plenty of room for linters, compilers, and all the grep-like tools to find flaws. Louis Nyffenegger describes the steps of a successful code review process. It's a process that starts with understanding code, which can even benefit from a...