Check out the show notes for links to articles we covered.

Case Files of the AppSec Detective

It was another Monday morning. The sign on the door said Private Investigator.

But the sign below that said closed and I was saying yes to a third cup of coffee.

It was watered down and bitter, like a stale top 10 list.

My partner was out of town looking into a random shooting. But that case was like the slides of a bad security awareness program – too many bullets and no point –

When a string walked through the door, chewing their lip with the kind of concern we always see in troubled clients.

Their smile said ASCII, but their byte said UTF-8.

“I need you to find someone,” they said.

I could see by their expression that this wasn’t going to be a regular job.

“I’m being coerced,” they continued. “All I have are some numbers and this object.”

I nodded.

JavaScript.

I didn’t know the type, but I knew what it implied.

And I knew I had to be careful from this point on, because what they were telling me might not be strictly true.

This is one of my new favorite intros. I have some ideas and several notes on developing an appsec series based on a film noir detective.