R2C pays me to write these articles for their blog, and gives me permission to cross-post them here.
Series: Articles for r2c
Articles for r2c: Bringing Security along on the CI/CD journey (January 11th, 2021)
Practical ways to bridge the gap between AppSec and Engineering.
Articles for r2c: Not all attacks are equal: understanding and preventing DoS in web applications (September 11th, 2020)
Denial-of-Service (DoS) vulnerabilities are common, but teams frequently disagree on how to treat them. The risk can be difficult to analyze: I’ve seen development teams argue for weeks over how to handle a DoS vector. This article tries to cut through those arguments. It provides a framework for engineering and application security teams to think about denial-of-service risk, breaks down DoS vulnerabilities into high-, medium-, and low-risk classes, and has recommendations for mitigations at each layer.
Articles for r2c: Preventing SQL Injection in Django (May 15th, 2020)
SQL Injection (SQLi) is one of the most dangerous classes of web vulnerabilities. Thankfully, it’s becoming increasingly rare — thanks mostly to increasing use of database abstraction layers like Django’s ORM — but where it occurs it can be devastating. This article will help you understand and prevent SQLi vulnerabilities in your Django apps.