AppSecEngineer
This session takes you on a supply chain security thrill ride, zeroing in on malicious modules, hidden entry points, and the real tricks threat actors use to wreak havoc across the SDLC.
1 month ago
AppSecEngineer
SBOMs don’t lie, and after this session, neither will your dependency reports.
1 month ago
AppSecEngineer
If you’ve been tasked with making threat modeling actually work in your org, this session gives you the clarity and playbook to get it done.
1 month ago
AppSecEngineer
Threat modeling is practically non-existent in healthcare.
Yet every EHR breach could’ve been prevented by asking the right questions before deployment.
This June 25, join Abhay Bhargav as he walks through:
→ How to apply threat modeling to clinical apps
→ Secure coding + DevSecOps for healthcare teams
→ How to embed AppSec without slowing delivery
→ Building training beyond HIPAA checklists
Don’t miss this.📅
Register here: streamyard.com/watch/HWCMY2fsMXmM
5 months ago
AppSecEngineer
Your AI agents are silently running workflows and making decisions.
But do you really know how they're doing it?
Most teams don’t understand the Model Context Protocol (MCP), the invisible layer where AI agents store, retrieve, and update context across tasks. And guess what? It's riddled with vulnerabilities.
In our upcoming webinar, Abhay Bhargav covers real AI agent attacks, lightweight security controls, and key moves for security leaders.
📅 May 8 | 9 AM PT
If you’re building or deploying AI tools, this is not one to miss.
👉 Register here: streamyard.com/watch/57ecW5Wbap2Z
7 months ago
AppSecEngineer
Input validation is key to secure coding!
In our latest video, we showcase how a flaw in NodeJS input validation led to a real-world MailChimp API abuse, highlighting the risks and demonstrating robust defenses with express-validator.
Perfect for developer teams looking to strengthen their secure coding practices.
Check out the video link in the comments and start securing your APIs today!
7 months ago
AppSecEngineer
Next.js Just Got Hit with a Critical Security Flaw
Imagine an attacker bypassing your app’s authorization checks, no brute force, no fancy exploits, just a simple trick to skip security middleware entirely.
That’s exactly what researchers just uncovered in Next.js.
The culprit? x-middleware-subrequest, an internal header that can be abused to bypass security middleware, potentially letting unauthorized users access protected routes.
In this video, Abhay Bhargav breaks down how this exploit works, why it puts Next.js applications at risk and what you need to do to lock it down.
Security teams and developers, this is one you cannot afford to ignore.
7 months ago
AppSecEngineer
A newly disclosed set of vulnerabilities, ‘IngressNightmare’, could let remote attackers execute arbitrary commands and completely take over Kubernetes clusters.
These flaws, affecting 6,500 publicly exposed clusters, have already impacted several Fortune 500 companies.
A CVSS severity score of 9.8 makes this a high-priority risk. Attackers can exploit these flaws to bypass Kubernetes API authentication, execute unauthorized directives, and access all cluster secrets, potentially leading to full cluster takeover.
In this video, Abhay Bhargav breaks down:
⚠️ How the IngressNightmare exploit works
⚠️ What risks it poses to Kubernetes clusters
⚠️ What security teams must do right now to mitigate the threat
If you're running Kubernetes with Ingress-NGINX, you need to watch this.
7 months ago
AppSecEngineer
The biggest mistake in threat modeling? Trying to model an entire system at once.
Large-scale assessments may look comprehensive, but they often fail to deliver meaningful security insights to engineering teams.
> What if you could break it down into smaller, actionable steps?
> What if threat modeling could actually keep up with Agile development?
That’s exactly what we cover in our 120-minute workshop on System and Agile Threat Modeling, a hands-on session designed to show you how to move fast without missing security gaps.
Watch it now!
7 months ago
AppSecEngineer
SQL Injection has been around for years, yet it's still plaguing applications worldwide.
The good news? Prevention is simpler than you think!
Join Ganga Sumanth as she demonstrates how attackers exploit this vulnerability in NodeJS applications and shows a quick, effective method to keep your app secure.
11 months ago