AppSec Brief · 59 articles · 15 guides · 44 vuln classes · 12 languages Subscribe

Application Security for Developers

Secure code is
readable code.

Deep-dive guides on SQL injection, JWT attacks, supply chain security, and more. Code-forward. No fluff.

Recent Articles View all

vuln
Host Header Injection: Password Reset Poisoning, Cache Deception, and SSRF
OWASP A05:2021
pythonjavascriptjava
vuln
Session Fixation and Cookie Security: The Vulnerabilities Developers Still Get Wrong
vuln
Open Redirect Vulnerabilities: Detection, Exploitation, and Prevention
OWASP A01:2021
pythonjavascriptgo
guide
HTTP Parameter Pollution: How Duplicate Parameters Break Application Security Logic
vuln
NoSQL Injection: MongoDB Operator Abuse and Prevention Guide
OWASP A03:2021
javascriptpythonnode
guide
OWASP Top 10 2026: Software Supply Chain Failures at A03 — What Developers Must Change
OWASP A03:2026
pythonjavascriptjava
vuln
Path Traversal Attacks: Prevention Patterns in Python, Node.js, Java, and Go
vuln
Miasma: The npm Worm That Weaponised OIDC Tokens Against Red Hat Packages
javascriptpython
All articles →