Explore vs. Exploit: The Pattern-Novelty Balance
There’s a real cool concept that I always come back around to, which is the oscillation between “explore” and “exploit.” Best simple example is trying…
2025 has been one of Wallarm’s biggest years yet. In the last few months alone, we unveiled our industry-first API Revenue Protection capability, launched our…
Tenable Pros: Holistic view of the entire IT estate, from external web servers to internal workstations and cloud infrastructure. Through purchasing its VPR and Attack…
I hope you’ve been doing well! Episode 300 This issue will be a bit shorter as I’ve been in Tahoe all week with my Semgrep…
Andrzej Matykiewicz | 09 October 2025 at 14:06 UTC At Black Hat USA 2025 and DEF CON 33, PortSwigger’s Director of Research, James Kettle, unveiled…
Injection attacks are among the oldest tricks in the attacker playbook. And yet they persist. The problem is that the core weakness, trusting user inputs…
You asked, and we answered. At Intigriti, we’ve been paying close attention to the questions most frequently asked by those with a bug bounty program…
I did a short post (and a video) about how AI shouldn’t be thought of as a bubble because a bubble is a false belief…
Andrzej Matykiewicz | 07 October 2025 at 13:17 UTC The latest Hacker-Powered Security Report from HackerOne makes one thing clear: AI-assisted pentesting isn’t a future…
Here’s an interesting frame I’m messing with. Maybe AI is disruptive to the labor market because it combines tools, operators, and outcomes. So, when companies…
An honest reflection on the realities I’ve faced working as part of a Red Team. I work as a security engineer in a corporate Red…
Qualys Pros: Its unified platform provides a single pane of glass and powerful reporting capabilities that are ideal for satisfying broad compliance mandates and audit…