About JustAppSec
JustAppSec is an independent application security resource for developers and security teams. The focus is practical: real vulnerabilities, real controls, and real-world context for the decisions that matter when you are building or reviewing software.
Most AppSec content is written to sell a product or close a deal. JustAppSec is vendor-neutral by design. Tool recommendations are based on what solves the problem, not what pays a commission.
What you'll find here
- Training - structured learning pathways across six stages of the development lifecycle: Think, Code, Build, Ship, Run, and Break. Lessons are built for teams embedding security into how they work day to day.
- Guides - practical implementation guides for engineers: setting a Content Security Policy in Next.js, managing secrets in GitHub Actions, securing file uploads, mapping controls to Cyber Essentials, and communicating risk to leadership.
- Free tools - a browser-based threat modelling tool that runs locally in your browser. No account, no data sent anywhere.
- Services - a fixed-price Application Security Health Check if you want a professional to look at your application directly.
People
Davy Rogers
Director, JustAppSec Limited
Davy is an application security professional with a background in penetration testing, secure code review, and DevSecOps. He holds Certified Information Systems Security Professional (CISSP) and Offensive Security Certified Professional (OSCP) certifications and has delivered application security across global organisations in logistics, healthcare, and financial services.

Get in touch
Questions, corrections, or feedback - use the contact page.
