JustAppSec

Application security, made easier.

Research you can reference, training you can follow, and CVE intelligence for software builders.

Training — 37 lessons across 6 pathways

Start learning →

A hands-on, lifecycle-first journey through application security. Six pathways follow the software lifecycle — from building a security mindset to breaking your own apps before someone else does.

We've modernised appsec training around the way software actually gets built:

  1. Think
     Build a security mindset: threats, boundaries, and intent. (5 lessons)
  2. Code
     Write secure code: injection, auth, validation, and defence in depth. (8 lessons)
  3. Build
     Design systems that defend themselves: frameworks, APIs, and architecture. (6 lessons)
  4. Ship
     Secure the pipeline: CI/CD, dependencies, containers, and provenance. (6 lessons)
  5. Run
     Detect and respond: logging, monitoring, incidents, and compliance. (6 lessons)
  6. Break
     Find what others miss: testing, review, and offensive techniques. (6 lessons)

Research — 21 topics

View all →

Deep dives on how attacks work, real-world impact, and prevention guidance. Got a topic request? Let us know.

CVE Database

Search CVEs →

Searchable CVE records with CVSS scores, severity filters, and affected-product lookups. Filter by critical/high severity, recently published, or recently updated.

AppSec Scorecard

Take the assessment →

We love the maturity metrics that already exist, but sometimes you just need a quick-and-dirty metric without all the admin. We've boiled it down to 10 yes/no questions that you can answer in 5 minutes to get a rough score and some quick wins to work on.
