My Journey into Application Security
As a developer, I used to think security was someone else's problem—until I discovered my first vulnerability in production.
The Calling
During my internship at Topocart, I was building a monitoring dashboard when I realized how dangerous an application can be when it doesn't insert or protect its data properly (considering that I worked on projects that used people's data requested by municipalities or states). That changed everything. I started asking myself: What am I leaving behind in my systems?
The Shift to AppSec
I began studying the OWASP Top 10, learning about:
- Injection attacks and how they bypass validation
- Broken authentication and session management
- Security misconfigurations hiding in plain sight
The more I learned, the more I realized that security isn't a feature—it's a mindset.
DevSecOps: Security at Speed
Now, I integrate security into every stage of development:
- Code Analysis: Running tools like Semgrep and GoSec in CI/CD pipelines
- Secret Detection: Using Gitleaks to catch hardcoded credentials before they hit production
- Container Security: Scanning Docker images for vulnerabilities
Why You Should Care
Every line of code you write is a potential entry point. The question isn't if you'll be targeted, but when. Learning AppSec isn't just about protecting systems—it's about building trust with users who depend on your software.
What's your first step into security? Start with the OWASP Top 10 and treat every input as hostile. Your future self (and your users) will thank you.