Press "Enter" to skip to content

Month: June 2025

From mysql_real_escape_string() to AI Firewalls: Are We Repeating History with Prompt Injection?

In the early days of web development, PHP developers often relied on functions like mysql_escape_string() to sanitize user inputs. However, this approach was fraught with pitfalls. Misuse, incorrect character encoding handling, and a lack of awareness led to numerous vulnerabilities. To address these issues, mysql_real_escape_string() was introduced, which considered the current character set of the database connection, offering a more…

Leave a Comment

Scaling AppSec in High-Velocity Engineering: My Take

Jason Chan’s article “Security for High Velocity Engineering” hit me hard. It captures a reality many of us in Product Security face: engineering teams move fast, and unless your security program evolves beyond one-off engagements and reactive fixes, you’ll constantly be playing catch-up. The Fragile Model: When 1:1 Investment Walks Out the Door When I started out as an AppSec…

Leave a Comment