Helping developers, testers, and hackers improve their approach to appsec and find vulnerabilities in their apps and APIs before their adversaries do. Interested to know more? Subscribe to my newsletter below!
Hey friend,
Wow. November whisked by so fast. I swear we were all just parked in a pumpkin patch gorging on candy. And now we're on December's doorstep, getting ready for Christmas.
I dunno about you, but I took some time off in November to recharge and get ready for the holiday season. My wife and I went storm watching on Vancouver Island and enjoyed this view for a week:
Storm watching on Vancouver Island in November
When we weren't outside in the chilling cold, we stayed inside and...
This is awkward. You just had a newsletter delivered yesterday... and now you are getting this one. The monthly review doesn't usually fall right after the weekly one... so apologies for hitting your inbox so soon.
But it's that time. The era of "pumpkin everything" is ending... and the days of "peppermint everything" are upon us.
I always love this time of the year. The change in season always makes me happy. The leaves turn to crimson and gold, and I can start drinking hot chocolate...
Where the heck did September go? It seems in the blink of an eye, we started seeing everything pumpkin-spiced showing up on the shelves, and now we're gearing up for October festivities.
I will admit though that finding pumpkin-spiced Oreos was "interesting".
Yeah, you can get pumpkin-spiced Oreos now!
I wonder if I need to start looking out for Halloween Oreos. I'm sure they exist. 🤣
Anyway, I enjoyed those Oreos with coffee and a good book. Lately, I have been reading "A Vulnerable...
Wow. August went by fast. Fires. Floods. Hacker Summer camp. Just crazy.
Honestly, I tried to hide from it all in August. I gravitated to the cool breeze of the sea when I could. Almost felt guilty listening to friends talk about the hell they were going through while I was looking at this:
View from my balcony at the BlackRock Resort on Vancouver Island
While I was on the island, I tried to get some reading in. I'm not much of a fiction reader. Cryptonomicon by Neal Stephenson is one of my...
Can you believe it? July has come and gone in the blink of an eye. It feels like just yesterday we were celebrating the start of summer, and now here we are, already stepping into August.
Where did the time go?
Anyways, this month I was hanging out in Whistler, catching up on some work and relaxation.
I've been reading Four Battlegrounds: Power in the Age of Artificial Intelligence by Paul Scharre. Originally I picked up this book as I liked Paul's book on Army of None: Autonomous Weapons...
June was a lot of fun. We held the OWASP AppSec Days Pacific Northwest conference in Portland, Oregon... and sold out the show. Met a lot of appsec peeps in the community, including several from the API Hacker Inner Circle.
Great to see those of you who came by!
Afterward, my wife and I took some time off to drive down the Oregon coast and just explore. What an amazing coastline.
Having the time to explore also gave me some time to catch up on reading too.
I've been reading The Perfect...
Hey friend,
Just got back from a trip to Alaska. It was beautiful weather, but it was still too damn cold for this Canadian boy. 🥶
I mean, just look how icy blue the water was in Glacier Bay...
One good thing about the trip was that I got to drink a lot of hot chocolate and catch up on some reading. I just finished reading The Wires of War: Technology and the Global Struggle for Power. It was an interesting read from a Googler in the middle of it all, and it really got me thinking about...
Hey friend,
Last weekend was the annual BSides Vancouver conference. It was fantastic to see the security community getting together again in person. I had a great time chatting with Mikko after his keynote. We've been in the industry for about the same amount of time and have chewed a lot of the same ground over the years.
With the weather looking so great, I couldn't stay cooped up at the conference. I grabbed Mikko's book and enjoyed an iced chai outside. Highly recommend you pick up...
Hey friend,
It's that time again...
Time for another month in review!
Latest Articles
So, here is a synopsis of what I wrote about last month:
I showcased some of the new changes coming to the OWASP API Security Top 10 list in 2023.
I discussed the ins and outs of offensive AI and how we as API hackers can benefit from it.
I explained why it's important to include a working exploit in your vulnerability report and how to protect it so others don't weaponize it.
I shared my article...
Hey friend,
Where did February go?
Where did February go... hmmmm?
Time for another month in review!
Latest Articles
So, here is a synopsis of what I wrote about last month:
I shared how, as a hacker, to beat down the demon of self-doubt and embrace imposter syndrome as a healthy signal for motivation and drive.
I went into detail on how to exploit embedded APIs by dumping firmware, and walked you through how to swipe source code directly from microchips.
I discussed how to look at your API...