Unboxed AppSec

Unboxed AppSec

Home
Archive
About

October 2023

Well beyond the OWASP Top 10: the OWASP Application Security Verification Standard
Reasons why the Top 10 does not suffice to verify applications' security and to adopt ASVS instead.
  
Davide Ariu
Your vulnerability must be not my vulnerability
An overview of the OWASP Software Component Verification Standard for the prevention of software supply chain attacks.
  
Davide Ariu
The rise and fall of ModSecurity and the OWASP Core Rule Set (thanks, respectively, to robust and adversarial machine learning)
Adversarial ModSecurity: Countering Adversarial SQL Injections with Robust Machine Learning
  
Davide Ariu

September 2023

Evaluating AppSec solutions: from theory to practice
How to benchmark properly your *AST tools
  
Davide Ariu
Six Areas to monitor to improve Your Vulnerability Management Programme
All ready-to-use KPIs you need to start effective monitoring and continuous improvement.
  
Davide Ariu
“Follow the trend lines, not the headlines”.
Indicators to look at in a vulnerability management-related decision-making process.
  
Davide Ariu
Vulnerability Management: a CSIRT perspective
What Vulnerability Management is about (explained with the support of the CSIRT Services Framework)
  
Davide Ariu

May 2023

Why isn’t CVSS a Good indicator for a Vulnerability Management Program?
Vulnerability management is one of the cornerstones of a cyber risk mitigation strategy.
  
Davide Ariu
(a) Vulnerability is what happens to you while you are busy making other plans
About the lifetime of vulnerabilities in software development projects
  
Davide Ariu
About the insecurity of Content Management System Plugins
YODA is a name that evokes pleasant memories for many...
  
Davide Ariu
© 2025 Davide Ariu
PrivacyTermsCollection notice
Start writingGet the app
Substack is the home for great culture