Blog
Notes on breaking and securing web applications
Plain-language writing on penetration testing, application security, and the vulnerabilities I find most often — written to be useful whether you build software or buy it.
Ready to find your vulnerabilities before attackers do?
Book a security assessment and get a clear, prioritized picture of your application's real risk. No obligation, no automated-scan fluff.