December 4, 2025 OSWE: 5 Years Later A retrospective on the Offensive Security Web Expert certification five years later, and how its open-box methodology shaped my approach to application security.

March 5, 2022 Building Custom Detection Signatures (SAST) Writing custom Semgrep rules to detect application-specific vulnerabilities that generic SAST tools miss, with real-world examples and pattern design.

January 19, 2022 Automating DAST Scanning with OWASP ZAP Setting up authenticated OWASP ZAP scans in Docker with session handling and Slack reporting.