Sr. Security Researcher

Joined March 2007
Carl Sampson retweeted
🛠️ 𝐀𝐧𝐭𝐢𝐒𝐒𝐑𝐅 New secure-by-default library by @msftsecurity that prevents SSRF attacks. Currently supports .NET and Node.js.
The original "Showstopper!: The breakneck race to create Windows NT and the next generation at Microsoft" from 1994 was one of those books that fundamentally changed how I think about software development. Reading about Dave Cutler's team building Windows NT from the ground up — the engineering culture, the technical decisions under pressure, the relentless focus on architecture — that influenced how I approach development and security. When I first read it, I was earlier in my security journey. While the book wasn't specifically about security, seeing how they thought about system design from the ground up, the importance of getting the foundation right, that was a lightbulb moment. This new edition reminds us that great software comes from great engineering culture and disciplined architecture decisions. In security, we talk a lot about "shifting left," but really we're talking about the same thing - getting the fundamentals right from the start. What book fundamentally changed how you approach your craft? #ApplicationSecurity #SoftwareEngineering #BookRecommendation #Engineering
Carl Sampson retweeted
Async IO in Python: A Complete Walkthrough – Real Python The content titled "Async IO in Python: A Complete Walkthrough" on Real Python likely provides a comprehensive guide on asyn… realpython.com/async-io-pyth… #appsec #Python
I've been building the iOS companion to appsec.fyi — bringing those 3,000 curated application security resources to your phone. It's done! Mobile-first features: • Offline access to all articles and tools • Interactive topic explorer with 75 connections • Built-in security glossary (48 terms) • Browse by 25 topics (XSS, SQLi, SSRF, IDOR, RCE, etc.) • Background sync for new content Grab it here - apps.apple.com/app/id6762207…
I've been building appsec.fyi — a free curated library of application security resources. 2,600 articles, tools, and writeups across 22 topics (XSS, SQLi, SSRF, IDOR, RCE, and more). Just added search and 6 new topics. Submissions welcome. appsec.fyi
New post: Use-After-Free vulnerabilities — what they are, how they're exploited, and how to find them with ASan, libFuzzer, and CodeQL. Includes real CVEs from Chrome and the Linux kernel. chs.us/2026/03/use-after-fre… #appsec #security #memorysafety

New post: CVE-2026-27696 — SSRF in changedetection.io via URL validation bypass. Default installs have no auth, and the server will happily fetch your AWS metadata endpoint. Root cause, attack scenario, and the TOCTOU problem most URL validators miss. chs.us/2026/02/ssrf-changede…

Carl Sampson retweeted
I met @wtm_offensi years ago and so glad to see him getting a spotlight blog post. He’s a super talented researcher and overall great person to have a convo with. I highly suggest giving the blogpost a read!
“You don’t pick the bugs. The bugs pick you.” Meet Wouter (@wtm_offensi), Microsoft MVR and Zero Day Quest 2026 qualifier, and read his security research journey: msft.it/6016QHeaC
Carl Sampson retweeted
Day FOUR of FIVE days of celebrating our 2 year ARCANUM-VERSARY! @arcanuminfosec 5th Giveaway = FOUR seats to our ONE OF A KIND course on using AI to scale you as a Red, Blue, or Purple Teamer: !! Red Blue Purple AI !! 👍 1 Like = 1 Entry! ♻️ 1 Share = 2 Entries! Winners announced 1/21! Syllabus link below 👇
Carl Sampson retweeted
Day TWO of FIVE days of celebrating our 2 year ARCANUM-VERSARY! @arcanuminfosec 3rd Giveaway = FOUR seats to our new course by @the_IDORminator "Zero to [BAC] Hero" ! 👍 1 Like = 1 Entry! ♻️ 1 Share = 2 Entries! Winners announced 1/21! Syllabus link below 👇
Carl Sampson retweeted
To help celebrate @arcanuminfosec Information Security's two-year anniversary, @Jhaddix gave me 5 codes good for any Arcanum course to give away! Winners will be announced on 1/22. 👍 1 Like = 1 Entry! ♻️ 1 Share = 2 Entries!
19 Dec 2025
Just finished up a great first day at #AmericaFest!
18 Dec 2025
Any chance of getting a picture with you at AmericaFest, @JesseBWatters? It’s my wife’s birthday this weekend and she chose for us all to go to Phoenix for her birthday! Would be a great birthday present. :)