The APPSECREW Blog

Security Insights
From the Field.

Practitioner-written deep dives on application security, AI threats, cloud attack surfaces, and offensive security techniques — written by the people who actually test these things.

Featured

Application Security 3 min read

JWT Signature Bypass via SSRF in iss Claim

How attackers exploit unverified iss claims in OIDC/JWT implementations to forge tokens, bypass signature verification, and gain unauthorized access — with real code examples and fixes.

APPSECREW Team August 17, 2025

AI Security 10 min read

Prompt Injection: Why Your LLM Application Is Probably Vulnerable

A technical deep-dive into prompt injection attacks — how they work, why they're so hard to prevent, and what engineering teams building LLM applications need to do right now.

APPSECREW Team January 20, 2025

Application Security 8 min read

OWASP Top 10 2024: What Changed and What You Need to Do

A practitioner's breakdown of the latest OWASP Top 10 updates — which new categories matter, what dropped, and how to prioritize your remediation roadmap.

APPSECREW Team November 15, 2024

All Articles

Cloud Security

IAM Is Your Cloud's Biggest Attack Surface. Treat It That Way.

Why cloud IAM misconfigurations consistently lead to compromise, what attackers look for, and how to audit your own AWS, GCP, or Azure environment before they do.

APPSECREW Team February 10, 2025 9 min read

Security Insights From the Field.

JWT Signature Bypass via SSRF in iss Claim

Prompt Injection: Why Your LLM Application Is Probably Vulnerable

OWASP Top 10 2024: What Changed and What You Need to Do

IAM Is Your Cloud's Biggest Attack Surface. Treat It That Way.

Security Insights
From the Field.