What The Hack is Web App Sec?

Is AI-assisted 'vibe coding' making your applications more vulnerable to decades-old attacks? It's time to build a culture of shared responsibility for security.

#1about 1 minute

Making web application security accessible to developers

Web application security is a critical but often overlooked topic that can be made more engaging for developers through relatable storytelling.

#2about 2 minutes

A developer's path from operations to security

A background in operations provides a natural entry point into security, highlighting that it's an encompassing field involving people and processes, not just technology.

#3about 3 minutes

Comparing the challenges of security and accessibility

Security and accessibility share common challenges as they are both complex, often addressed late in the development process, and require a holistic approach.

#4about 4 minutes

Balancing developer and stakeholder security priorities

Developers often prioritize building secure code from the start, while stakeholders may focus on cost, but proactive security investment is increasingly seen as a business value.

#5about 4 minutes

How AI-assisted coding impacts web application security

While AI accelerates code production, it also increases the volume of potential vulnerabilities, making it crucial to integrate AI tools into a structured development lifecycle.

#6about 2 minutes

Why security is a shared responsibility for every role

Security is a collaborative effort that involves everyone from designers to developers, and it cannot be delegated to a single specialist or department.

#7about 3 minutes

Getting started with security tools and team communication

Developers can begin improving security by integrating static analysis tools like linters into their workflow and fostering open team communication about vulnerabilities.

#8about 2 minutes

Adopting a zero-trust mindset with input validation

The most impactful habit a developer can adopt is to rigorously validate all inputs by default, treating any incoming data as untrusted until proven otherwise.