Case Files of the AppSec Detective

It was another Monday morning. The sign on the door said Private Investigator.

But the sign below that said closed and I was saying yes to a third cup of coffee.

It was watered down and bitter, like a stale top 10 list.

My partner was out of town looking into a random shooting. But that case was like the slides of a bad security awareness program – too many bullets and no point –

When a string walked through the door, chewing their lip with the kind of concern we always see in troubled clients.

Their smile said ASCII, but their byte said UTF-8.

“I need you to find someone,” they said.

I could see by their expression that this wasn’t going to be a regular job.

“I’m being coerced,” they continued. “All I have are some numbers and this object.”

I nodded.

JavaScript.

I didn’t know the type, but I knew what it implied.

And I knew I had to be careful from this point on, because what they were telling me might not be strictly true.

This is one of my new favorite intros. I have some ideas and several notes on developing an appsec series based on a film noir detective.


Check out this episode's show notes for links to the articles we covered. And please take a moment to subscribe.