In the early days of web development, PHP developers often relied on functions like mysql_escape_string() to sanitize user inputs. However, this approach was fraught with pitfalls. Misuse, incorrect character encoding handling, and a lack of awareness led to numerous vulnerabilities. To address these issues, mysql_real_escape_string() was introduced, which considered the current character set of the database connection, offering a more…
Leave a CommentMonth: June 2025
Jason Chan’s article “Security for High Velocity Engineering” hit me hard. It captures a reality many of us in Product Security face: engineering teams move fast, and unless your security program evolves beyond one-off engagements and reactive fixes, you’ll constantly be playing catch-up. The Fragile Model: When 1:1 Investment Walks Out the Door When I started out as an AppSec…
Leave a Comment