Great time chatting with Ken Johnson and SeThLaW (l4wke) - we already have some fun stuff in the works for another Absolute AppSec episode in the future!

Every year we try to support growing the local community. This includes getting as many people free access to these high quality talks. The only guarenteed way to get a ticket is to pay (25$) for the 2 day con. These are going to be first come first serve.

And we're liiiiiiiive! (in about 10 minutes) Absolute AppSec youtube.com/watch?v=TudqDd…

You wont' want to miss this one!

We've heard the community and in response SeThLaW (l4wke) and I are finally delivering the Absolute AppSec Secure Code Review course again, **virtually**, at the end of this month (March 27 & 28th). Register at training.absoluteappsec.com DM for any questions you might have.

the research paper is out: Next.js and the corrupt middleware: the authorizing artifact result of a collaboration with inzo that led to CVE-2025-29927 (9.1-critical) zhero-web-sec.github.io/research-and-t… enjoy the read!

There are still a few seats left in our virtual secure code review course this Thur and Friday training.absoluteappsec.com

We - DryRunSecurity - performed 3 bake-offs against Snyk Semgrep SonarQube and CodeQL (GitHub)... the results are incredible for us. Check them out at: dryrun.security/blog

🚨 On May 12 & 13, The Application Security Podcast is running a virtual Secure Code Review course! ✅ Great for devs & security folks ✅ Tech-agnostic, hands-on ✅ Manual review + smart AI assist ✅ Cert on completion Taught by SeThLaW (l4wke) & me — sign up at: training.absoluteappsec.com

On our latest episode of Absolute AppSec - SeThLaW (l4wke) and I shared how to get Claude Desktop connected to Damn Vulnerable MCP Server. Shortened clip:

🇲🇽Happy Cinco De Mayo! 🇲🇽 And there is even more reason to celebrate because there are still seats left for SeThLaW (l4wke) and I's Absolute AppSec Secure Code Review course next Monday & Tuesday 😜 (training.absoluteappsec.com)

There is a philosophical difference between augmenting deterministic methods with AI vs starting with probabilistic methods and enriching analysis thru code comprehension. Put plainly - When you start with patterns, you miss what REALLY matters. dryrun.security/blog/beyond-pa…

Once again, we have a livestream podcast coming up in 20 minutes. This week we're going to advise the new class of ever-optimistic graduates about the risks of third-party packages. Join Ken Johnson and SeThLaW (l4wke) as they discuss easyjson and so much more. youtube.com/watch?v=91bQZJ…

📣📣📣 REMINDER 📣📣📣 The Absolute AppSec practical secure code review course was moved from May to June 16 & 17. We still have seats available! Register at training.absoluteappsec.com

Interesting read on adapting developer workflows with (functional) AI Code Reviews: refactoring.fm/p/ai-code-revi…

2 weeks left to register for this course! (and we've got some "hush hush" additional content/code for the course 🙂). Register at training.absoluteappsec.com linkedin.com/posts/absolute…

Less than 1 week out (June 16/17) and SeThLaW (l4wke) and I still have seats left for our remote/virtual (AI Enhanced) Manual Secure Code Review course. Sign up at the Absolute AppSec site: training.absoluteappsec.com

One of my favorite features and something we've been delivering & improving on for over a year now. I wish this was available to me when I worked as a defender - could have saved us from sooooo many bug bounty submissions.

Constructing a Trustworthy Evaluation Methodology for Contextual Security Analysis dryrun.security/blog/construct…

Thanks again to The Boring AppSec podcast for having me on! You can check out the episode, here: youtube.com/watch?v=sLW1yM…