Exclusive Full-Stack Security training from we45. Learn with hands-on labs & get certified in DevSecOps, Cloud Security, Kubernetes Security & more.


AppSecEngineer

Your AI agents are silently running workflows and making decisions.
But do you really know how they're doing it?

Most teams don’t understand the Model Context Protocol (MCP), the invisible layer where AI agents store, retrieve, and update context across tasks. And guess what? It's riddled with vulnerabilities.

In our upcoming webinar, Abhay Bhargav covers real AI agent attacks, lightweight security controls, and key moves for security leaders.

📅 May 8 | 9 AM PT

If you’re building or deploying AI tools, this is not one to miss.

👉 Register here: streamyard.com/watch/57ecW5Wbap2Z

6 days ago

AppSecEngineer

Input validation is key to secure coding!

In our latest video, we showcase how a flaw in NodeJS input validation led to a real-world MailChimp API abuse, highlighting the risks and demonstrating robust defenses with express-validator.

Perfect for developer teams looking to strengthen their secure coding practices.

Check out the video link in the comments and start securing your APIs today!

3 weeks ago

AppSecEngineer

Next.js Just Got Hit with a Critical Security Flaw

Imagine an attacker bypassing your app’s authorization checks, no brute force, no fancy exploits, just a simple trick to skip security middleware entirely.

That’s exactly what researchers just uncovered in Next.js.

The culprit? x-middleware-subrequest, an internal header that can be abused to bypass security middleware, potentially letting unauthorized users access protected routes.

In this video, Abhay Bhargav breaks down how this exploit works, why it puts Next.js applications at risk and what you need to do to lock it down.

Security teams and developers, this is one you cannot afford to ignore.

4 weeks ago

AppSecEngineer

A newly disclosed set of vulnerabilities, ‘IngressNightmare’, could let remote attackers execute arbitrary commands and completely take over Kubernetes clusters.

These flaws, affecting 6,500 publicly exposed clusters, have already impacted several Fortune 500 companies.

A CVSS severity score of 9.8 makes this a high-priority risk. Attackers can exploit these flaws to bypass Kubernetes API authentication, execute unauthorized directives, and access all cluster secrets, potentially leading to full cluster takeover.

In this video, Abhay Bhargav breaks down:
⚠️ How the IngressNightmare exploit works
⚠️ What risks it poses to Kubernetes clusters
⚠️ What security teams must do right now to mitigate the threat

If you're running Kubernetes with Ingress-NGINX, you need to watch this.

1 month ago

AppSecEngineer

The biggest mistake in threat modeling? Trying to model an entire system at once.

Large-scale assessments may look comprehensive, but they often fail to deliver meaningful security insights to engineering teams.

> What if you could break it down into smaller, actionable steps?
> What if threat modeling could actually keep up with Agile development?

That’s exactly what we cover in our 120-minute workshop on System and Agile Threat Modeling, a hands-on session designed to show you how to move fast without missing security gaps.

Watch it now!

1 month ago

AppSecEngineer

SQL Injection has been around for years, yet it's still plaguing applications worldwide.

The good news? Prevention is simpler than you think!

Join Ganga Sumanth as she demonstrates how attackers exploit this vulnerability in NodeJS applications and shows a quick, effective method to keep your app secure.

4 months ago

AppSecEngineer

Command injection vulnerabilities can wreak havoc on your Node.js applications if left unchecked. But identifying and fixing them doesn't have to be overwhelming.

In this video, Ganga Sumanth walks you through:
✔️ Identifying command injection vulnerabilities
✔️ Real-world examples of unsafe practices
✔️ Proven strategies for secure coding, input validation, and error handling

Don't let critical vulnerabilities compromise your applications.
Learn how to defend against command injection attacks effectively!

4 months ago

AppSecEngineer

Are you an aspiring professional ready to start your DevSecOps journey?

Watch Abhay Bhargav and @PrabhNair1 dive deep into the essentials of DevSecOps:
✅ Key principles for secure DevOps practices
✅ Must-know tools for seamless integration
✅ Career paths and opportunities in DevSecOps

🎧 Tune in now and start building a future in DevSecOps!

5 months ago

AppSecEngineer

Need smaller, more secure Docker images? See how Docker Slim reduces your attack surface by slimming images down dramatically.

Watch this to see how it works and why it's important for container security.

#DevSecOps #AppSec #containersecurity #docker #dockerslim

6 months ago

AppSecEngineer

Learn how to architect secure AWS environments by integrating security best practices from the ground up. #securebydesign #awssecurity #AWS

6 months ago