Application Security Expert Ahsan.au
Research & Articles

Posts by Ahsan Mohsin

About Ahsan Mohsin
Posted in Cybersecurity, Web Application Security

Software or Data Integrity Failures – When Trusted Code Gets Tampered With

Software or data integrity failures can start with the tiniest change: some time ago, engineers at a company I supported pushed a very small update to production. Nothing major – just…
Posted by Ahsan Mohsin December 28, 2025
Posted in Web Security, Cybersecurity

A07:2025 – Authentication Failures – Why Logins Still Get Hacked

Authentication failures are more common than you think. A company I worked with recently had a worrying incident. A hacker got into an admin account even though the login page…
Posted by Ahsan Mohsin December 27, 2025
Posted in Application Security, OWASP

A10:2025 Mishandling of Exceptional Conditions – The Quiet AppSec Failure No One Owns

If you’ve been in application security long enough, you’ll recognise this pattern instantly: the vulnerability wasn’t exotic, the exploit wasn’t clever, and yet the impact was catastrophic. A stack trace…
Posted by Ahsan Mohsin December 22, 2025
Posted in Application Security, DevOps

Why Most Application Security Programs Fail Before They Begin

Most Application Security (AppSec) programs don’t fail because the team is “bad” or because they didn’t buy enough tools. They fail because the program is built on the wrong assumptions. A successful application…
Posted by Ahsan Mohsin December 19, 2025
Posted in Windows Security, Active Directory, Enterprise Infrastructure

The Evolution and Security of Non-Human Identities: A Comprehensive Guide to Group Managed Service Accounts

1. The Identity Crisis in Windows Infrastructure: From Static Accounts to Managed Identities

In the intricate ecosystem of enterprise Windows infrastructure, the management of non-human identities—service accounts—has historically represented one…
Posted by Ahsan Mohsin December 16, 2025
Posted in Cybersecurity, Active Directory, Network Defense

The Anatomy of Identity Compromise: A Comprehensive Analysis of Active Directory Attack Paths to Domain Dominance

1. Introduction: The Identity-Centric Battlefield

In the modern cybersecurity paradigm, the perimeter has effectively dissolved. The traditional "castle and moat" architecture, which relied on hardened network boundaries to protect soft…
Posted by Ahsan Mohsin December 15, 2025
Posted in Software Security, DevOps

How to Build a Secure SDLC from Scratch: A Step-by-Step Guide for Modern Teams

Introduction: Why Secure SDLC Matters More Today Than Ever

If you search how to build secure SDLC right now, you'll find thousands of checklists, buzzwords, and long theoretical models -…
Posted by Ahsan Mohsin December 4, 2025
Posted in Cybersecurity, Tools

A Beginner-Friendly Guide to Malware Analysis Using Five Essential Tools

Malware analysis has a reputation for being complicated. Mention "reverse engineering," and most people immediately imagine walls of assembly code, obscure debuggers, or hackers staring at hex dumps at 2…
Posted by Ahsan Mohsin December 4, 2025
Posted in Web Security, DevOps, Network Security

Understanding DNS, Shared IPs, Origin IP Exposure, and Secure Hosting Migrations

A Complete Guide for Security & DevOps Professionals

The Domain Name System (DNS) is one of the most fundamental building blocks of the modern internet, yet it’s also one of…
Posted by Ahsan Mohsin December 2, 2025
Posted in Application Security, OWASP, Web Security

Broken Access Control: The Quiet, Persistent Threat Still Dominating the OWASP Top 10 in 2025

If there's one vulnerability category that refuses to fade, it's Broken Access Control. According to the OWASP Top 10 2025, Broken Access Control is once again one of the most recurring…
Posted by Ahsan Mohsin December 1, 2025


Ahsan Mohsin

Hello! I am Ahsan, a security builder and experimenter. I turn complex AppSec and automation problems into compact, useful products.
© 2026 All Rights Reserved