What makes a “security champion” successful in a dev team? What makes them good at it? What makes a bad one? How can you tell if it's going well or not? #talkappsectome
November 6, 2025 at 4:25 PM
What makes a “security champion” successful in a dev team? What makes them good at it? What makes a bad one? How can you tell if it's going well or not? #talkappsectome
Is there an #AppSec or #DevSecOps trend right now that you think is overhyped? Which one and whyyyyyy? Tell me your feels #talkappsectome
October 30, 2025 at 11:41 PM
Is there an #AppSec or #DevSecOps trend right now that you think is overhyped? Which one and whyyyyyy? Tell me your feels #talkappsectome
What’s your “AppSec origin story”? How did you end up in this field? Tell me your story. #talkappsectome
October 24, 2025 at 3:42 AM
What’s your “AppSec origin story”? How did you end up in this field? Tell me your story. #talkappsectome
What’s your team’s strategy for prioritizing vulnerabilities — CVE score, EPSS, exploitability, asset value, all of the above? How do you decide? #talkappsectome
October 2, 2025 at 8:10 PM
What’s your team’s strategy for prioritizing vulnerabilities — CVE score, EPSS, exploitability, asset value, all of the above? How do you decide? #talkappsectome
Have you ever caught a critical vuln with a linter or formatter before a security scan even ran? If so, what was it? And how did you do it? #talkappsectome
September 25, 2025 at 9:56 PM
Have you ever caught a critical vuln with a linter or formatter before a security scan even ran? If so, what was it? And how did you do it? #talkappsectome
What's your favorite security header, and why is it Content Security Policy? (Or... not?) #talkappsectome
September 19, 2025 at 3:17 AM
What's your favorite security header, and why is it Content Security Policy? (Or... not?) #talkappsectome
How do you approach security when working in a serverless architecture? Any special considerations? Just because it's brief, doesn't mean there is no risk.... Right? #talkappsectome
September 11, 2025 at 11:08 PM
How do you approach security when working in a serverless architecture? Any special considerations? Just because it's brief, doesn't mean there is no risk.... Right? #talkappsectome
What's your "security hill to die on"? (The practice or principle you’ll always advocate for.) What is it and why is it worth it? #talkappsectome
September 4, 2025 at 9:20 PM
What's your "security hill to die on"? (The practice or principle you’ll always advocate for.) What is it and why is it worth it? #talkappsectome
Have you ever built your own security tooling? What did it do? Would you do it again? Was it hard? Do you still use it? Can I have a copy? Lol. Seriously, tell me everything. #talkappsectome
August 28, 2025 at 4:52 PM
Have you ever built your own security tooling? What did it do? Would you do it again? Was it hard? Do you still use it? Can I have a copy? Lol. Seriously, tell me everything. #talkappsectome
What’s your favorite security tool that nobody talks about? Let’s give it some love. Tell me why its SO GOOD #talkappsectome
PS If you are a vendor/sales/marketing please don't tell me about your tool. I want practitioners on this thread please. 🙏😇
PS If you are a vendor/sales/marketing please don't tell me about your tool. I want practitioners on this thread please. 🙏😇
August 22, 2025 at 3:11 AM
What’s your favorite security tool that nobody talks about? Let’s give it some love. Tell me why its SO GOOD #talkappsectome
PS If you are a vendor/sales/marketing please don't tell me about your tool. I want practitioners on this thread please. 🙏😇
PS If you are a vendor/sales/marketing please don't tell me about your tool. I want practitioners on this thread please. 🙏😇
Should developers be responsible for fixing all security issues — or just some? Where do you draw the line? What SHOULD get fixed and what's okay to skip? Also, do the devs need to do EVERYTHING? #talkappsectome
August 14, 2025 at 4:40 PM
Should developers be responsible for fixing all security issues — or just some? Where do you draw the line? What SHOULD get fixed and what's okay to skip? Also, do the devs need to do EVERYTHING? #talkappsectome
What’s the most misunderstood #AppSec concept you encounter again and again? What do people get wrong, over and over? And how can we help them do better? #talkappsectome
August 8, 2025 at 12:59 AM
What’s the most misunderstood #AppSec concept you encounter again and again? What do people get wrong, over and over? And how can we help them do better? #talkappsectome
Do you do threat modeling in your team? If yes — what’s your favorite methodology? If no — why not?
#talkappsectome
#talkappsectome
August 1, 2025 at 3:18 AM
Do you do threat modeling in your team? If yes — what’s your favorite methodology? If no — why not?
#talkappsectome
#talkappsectome
What's your approach to secrets management? Vault? ENV vars? In your code? 😱 Something else? D #talkappsectome
July 24, 2025 at 5:55 PM
What's your approach to secrets management? Vault? ENV vars? In your code? 😱 Something else? D #talkappsectome
You just found a high-severity vuln in prod… what’s your first move? What's next? What do you do? #talkappsectome
July 17, 2025 at 11:05 PM
You just found a high-severity vuln in prod… what’s your first move? What's next? What do you do? #talkappsectome
What’s one thing developers do that drives AppSec folks absolutely bananas? And the opposite. Developers, what's something AppSec teams do that drive you up the wall?
#talkappsectome
#talkappsectome
July 10, 2025 at 8:53 PM
What’s one thing developers do that drives AppSec folks absolutely bananas? And the opposite. Developers, what's something AppSec teams do that drive you up the wall?
#talkappsectome
#talkappsectome
July 4, 2025 at 2:49 AM
What’s a common secure coding best practice that you think is overrated or misused? And why.
#talkappsectome
#talkappsectome
July 3, 2025 at 6:14 PM
What’s a common secure coding best practice that you think is overrated or misused? And why.
#talkappsectome
#talkappsectome
Does "Shift Left" still mean something? If so, what does it mean to you?
#AppSecThursday #TalkAppSecToMe
#AppSecThursday #TalkAppSecToMe
June 27, 2025 at 12:59 AM
Does "Shift Left" still mean something? If so, what does it mean to you?
#AppSecThursday #TalkAppSecToMe
#AppSecThursday #TalkAppSecToMe
What’s the funniest or most bizarre vulnerability you've ever seen or heard of?
#AppSecThursday #TalkAppSecToMe
#AppSecThursday #TalkAppSecToMe
June 19, 2025 at 4:13 PM
What’s the funniest or most bizarre vulnerability you've ever seen or heard of?
#AppSecThursday #TalkAppSecToMe
#AppSecThursday #TalkAppSecToMe
Being the strongest link in the chain doesn't matter. #AppSecThursday #TalkAppSecToMe
June 6, 2025 at 3:29 AM
Being the strongest link in the chain doesn't matter. #AppSecThursday #TalkAppSecToMe
If you could give one piece of advice to a junior developer about security, what would it be?
#AppSecThursday #TalkAppSecToMe
#AppSecThursday #TalkAppSecToMe
June 6, 2025 at 3:24 AM
If you could give one piece of advice to a junior developer about security, what would it be?
#AppSecThursday #TalkAppSecToMe
#AppSecThursday #TalkAppSecToMe
Tag a colleague or friend who’s an expert at securing coding! They are AWESOME and should be celebrated.
#AppSecThursday #TalkAppSecToMe
#AppSecThursday #TalkAppSecToMe
May 30, 2025 at 2:31 AM
Tag a colleague or friend who’s an expert at securing coding! They are AWESOME and should be celebrated.
#AppSecThursday #TalkAppSecToMe
#AppSecThursday #TalkAppSecToMe
If we're developing for cloud only, does that change your approach to securing your applications? If so, how?
#AppSecThursday #TalkAppSecToMe
#AppSecThursday #TalkAppSecToMe
May 22, 2025 at 6:25 PM
If we're developing for cloud only, does that change your approach to securing your applications? If so, how?
#AppSecThursday #TalkAppSecToMe
#AppSecThursday #TalkAppSecToMe
That secure coding can be done in a vacuum. It's not just a dev thing. It's not just a whole-of-IT thing. It's a whole-of-business thing.
#AppSecThursday #TalkAppSecToMe
#AppSecThursday #TalkAppSecToMe
May 15, 2025 at 10:23 PM
That secure coding can be done in a vacuum. It's not just a dev thing. It's not just a whole-of-IT thing. It's a whole-of-business thing.
#AppSecThursday #TalkAppSecToMe
#AppSecThursday #TalkAppSecToMe