Old School Security

“Welcome to AppSec io

Home of the AppSec Findings Database & Testing Guide”

About Us

Old school professionals who give a damn

What is old school?

Old school security is the idea that even though technology and threats keep evolving, fundamental security practices stay the same. Whenever you are unsure about how to protect the enterprise, go back to the basic tenets of InfoSec and you'll find your answer. In short, go old school.

The Database

What is it?

The AppSec Findings Database and Testing Guide is a comprehensive collection of report-ready application security findings and testing techniques developed over many years. If you want to increase the quality of your reports and improve your testing, subscribe to the database today.

The Blog

News from the house
  • How To Wrap Up Application Security Testing – The Right Way

    Now that you’ve hacked that application to pieces, it’s time to wrap up the project. In this article I look at some of the steps for closing out an application security test and doing it the right way.

  • How To Kick Off Application Security Testing – The Right Way

    To increase your chances of success and keep yourself out of trouble during a pentest, hosting a kickoff meeting prior to the start of testing is essential. In this post, I’ll go into some of the elements of a successful kickoff meeting and provide you with a checklist of questions to cover during the meeting.

  • How To Map A Web Application Like A Pro

    Before jumping into any battle, you should know the enemy. For a pentester, mapping an application gives you the knowledge to successfully take on an application and find its weaknesses. In this post, I go into the details of how to map an application and, more importantly, how to use this information to be more effective in finding vulnerabilities and, in general, be more awesome as a pentester.


  • How To Create An Awesome Application Security Report

    If you want to excel as a pentester, it is not enough to be a highly technical security expert. You have to be able to produce high-quality reports that effectively communicate an application’s security state to a client. In this post, I go over some of the key components of an application security report and give you some writing tips to improve your main deliverable as a pentester.


  • How To Write An Application Security Finding

    Although most application security testers would prefer to spend their time hunting for the next cool finding, we all know that at some point we have to devote some time to writing up our work. You may have found a severe vulnerability in the application, but if you can’t effectively describe the issue to the client, they may not truly understand its impact or how to remediate it, and they may end up being in a worse place than when you started.

  • How To Scope A Web Application Security Test

    One of the most underrated parts of a web application security test, but perhaps one of the most important, is scoping. Scoping an application before a security test is designed to provide enough information to all parties to ensure that the test will have the best chance of success.


Contact Us

We'll be glad to answer your question!