The first time I started blogging on armoredcode.com domain, it was 16th July 2010. They were strange days, without energy and with lack of motivational spin.
I was even asking myself if I had to consider me as a good security guy or just yet another wannabe security hacker.
There were the days I wanted to start a web startup creating great applications in a secure manner, but I wasn’t strong enough to jump to the other side.
Today I’m launching a new application security blog talking about security from the software developer point of view.
Let’s us be honest each other. There are a lot of remarkable software developers hackers blog out there and the technical level is outstanding.
37signals folks, Peldi from Balsamiq Mockup Startup, Zach Holman from github are just few of such as remarkable examples of great blog for developers.
What about security?
Cutting off vendors blog, I found very few people blogging with true passion about they everyday work // passion. Jeremiah Grossman, Mark Curphey, John Wilander are some of the security folks I read every day and with whom I share a tought: application security is about the code.
How can you talk about how to write secure code if you do not write source code. How can you tell us how to tell your development team how to mitigate a vulnerability if you don’t have a github account.
Trust me, people must talk about things they do everyday. Only if you do love writing code, you will be insane enough to start code reviewing other people code to spot security issues and than start writing a mitigation plan.
If you don’t love to code, well… you sure can break an app but it’s like making love with a cold bottle.
I’m starting this blog as a spin-off from my personal one were I started mixing up posts in Italian with personal stuff and posts in English about appsec and tech bits.
Covered topics will be about software development lifecycle, software testing, how to integrate security in rspec, how to craft a ruby gem or how to write a sinatra application with security in mind. We will talk about also what does penetration testing mean and what the security testers are looking for.
This is my “Hello world” post and I hope you’ll start loving this blog.