JustAppSec

About JustAppSec

JustAppSec is an independent application security resource for developers and security teams. The focus is practical: real vulnerabilities, real controls, and real-world context for the decisions that matter when you are building or reviewing software.

Most AppSec content is written to sell a product or close a deal. JustAppSec is vendor-neutral by design. Tool recommendations are based on what solves the problem, not what pays a commission.

What we publish

  • Research - deep topic hubs covering the vulnerabilities that appear most often in real application code: injection, authentication flaws, SSRF, IDOR, JWT misuse, insecure file handling, and more. Each hub covers how the attack works, how to prevent it, and how to test for it, with stack-specific examples across Node.js, Python, Java, and .NET.
  • Guides - practical implementation guides for engineers: setting a Content Security Policy in Next.js, managing secrets in GitHub Actions, securing file uploads, mapping controls to Cyber Essentials, and communicating risk to leadership.
  • Training - structured learning pathways across six stages of the development lifecycle: Think, Code, Build, Ship, Run, and Break. 37 lessons built for teams embedding security into how they work day to day.
  • CVE intelligence - a searchable database of Common Vulnerabilities and Exposures, with severity scores, affected products, and contextual analysis. Updated continuously from public vulnerability sources.
  • News - daily briefings on new CVEs, supply-chain incidents, AI and LLM security developments, and the patches worth paying attention to.
  • Free tools - a browser-based threat modelling tool and an AppSec scorecard that runs locally in your browser. No account, no data sent anywhere.

People

Davy Rogers

Director, JustAppSec Limited

Davy is an application security professional with a background in penetration testing, secure code review, and DevSecOps. He holds Certified Information Systems Security Professional (CISSP) and Offensive Security Certified Professional (OSCP) certifications and has delivered application security across global organisations in logistics, healthcare, and financial services.

davyrogers.co.ukLinkedIn

Davy Rogers

Company

JustAppSec Limited is registered in England and Wales (Company No. 16602827).

Get in touch

Questions, corrections, or feedback - use the contact page.

Need help?Get in touch.