March 17, 2025

The Moment I Realised Application Security is More Than Just a Buzzword

The Moment I Realised Application Security is More Than Just a Buzzword

Let’s be real security isn’t always the first thing on a developer’s mind. If you’re anything like I was, you’re busy building features, fixing bugs, and making sure everything runs smoothly. Security? That was something for dedicated teams to worry about.

That was until I had my wake-up call.

I still remember the moment: I was deep in an Application Security Hackathon, surrounded by security experts and cloud architects. Our mission? To break into applications, just like an attacker would. This wasn’t just theory; it was hands-on, real-world hacking. We weren’t just building apps, we were learning how to exploit them.

And that’s when it hit me: everything I had built before could have been vulnerable.

I had spent years writing clean, efficient code, but I had never really stopped to think: Can someone break this? The answer was a resounding yes. And if a few hours of hacking could expose so many flaws, what could a real attacker do with unlimited time and resources?

That moment changed everything for me. Security wasn’t an afterthought anymore, it became a core part of how I built applications.

What This Blog Series Will Cover

That hackathon was just the beginning. Since then, I’ve been diving deeper into the world of application security, learning from real-world attacks, security experts, and my own experiences. Now, I want to take you along for the ride.

This blog series is all about practical, no-nonsense application security. No fluff, no overwhelming jargon, just real, actionable insights to help developers and teams build stronger, more secure applications.

Here’s what’s coming up:

  1. Breaking Access Barriers: Understanding Authorisation Risks
  • How attackers bypass access controls with URL manipulation and API flaws.
  • Why role-based access control (RBAC) and least privilege matter.
  • Simple fixes that block unauthorised access before it happens.
  1. Injection Attacks: When User Input Becomes a Weapon
  • How SQL, NoSQL, and command injection attacks work.
  • Real-world examples of injection attacks taking down major companies.
  • Easy ways to secure your apps with parameterised queries and input validation.
  1. Secure Authentication: Why Passwords Aren’t Enough
  • Why passwords alone won’t protect your users.
  • The dangers of credential stuffing, session hijacking, and token theft.
  • How MFA, rate limiting, and secure authentication flows keep attackers out.
  1. Cryptography Pitfalls: What Makes Encryption Fail?
  • What a weak encryption and poor key management can undo all your security efforts.
  • The right way to store sensitive data securely.
  • Best practices for encryption, hashing, and secure key management.
  1. Security Misconfigurations: The Silent Killers
  • How simple misconfigurations expose data without you realising it.
  • The dangers of open cloud storage, missing security headers, and default settings.
  • A step-by-step guide to securing your infrastructure and automating security checks.
  1. The Hidden Dangers of SSRF: When Your App Fetches More Than It Should
  • How Server-Side Request Forgery (SSRF) lets attackers make unauthorised requests.
  • Why cloud environments are a prime target.
  • Secure coding techniques to restrict, validate, and sanitise remote requests.
  1. The Importance of Logging and Monitoring: Catching Attacks Before They Escalate
  • How attackers cover their tracks—and how logging can stop them.
  • Why real-time monitoring is critical in detecting breaches.
  • Tools and techniques for anomaly detection and forensic investigations.

Why This Matters

This isn’t just a list of security threats, it’s a call to action. If you’re writing code, you are responsible for security. Attackers aren’t waiting until your app is mature and polished—they’re looking for weak spots from day one.

But here’s the good news: security doesn’t have to be complicated. Small, smart changes can drastically reduce risk. This blog series is here to show you how.

So, whether you’re a developer, architect, or just someone who wants to understand security better, buckle up! It’s time to shift our mindset and start building applications that aren’t just functional but fortified.

Because if we’re not securing our apps, someone else is trying to break them.

Leah Cerinich

Co-Host She Knows Tech Podcast | Cloud Consultant | AWS Certified | Finalist for the Women in ICT Awards 2021 and 2022

Breaking Access Barriers: My Journey into App Security

You know that satisfying moment when you’re deep in the code... squashing bugs, pushing out features, and feeling like you’ve got it all under control? That was me. Fully immersed in dev life, convinced I had everything sorted. Then, ou…

From Recruiter to Rising Star: My Tech Adventure

Have you ever taken the leap into the unknown? That’s exactly what I did when I decided to transition from tech recruitment into the world of technology itself. Spoiler alert: it’s been one of the best decisions I’ve ever made. Ba…