AI Security in 2025: What Every Security Engineer Needs to Know
Artificial intelligence is no longer a future concern for security teams — it is a present one. As organisations race to integrate large language models (LLMs), generative AI tools, and ML-powered systems into their products, security engineers face an entirely new threat landscape that traditional AppSec frameworks were not designed to address. This post covers the most critical AI security risks, the emerging standards you need to know, and practical steps to start building
Shounak Itraj
4 days ago · 3 min read
Port Scanner using Go Programming
Building a port scanner in Go is an excellent way to learn both network programming and Go's powerful concurrency model. Port scanners are fundamental tools in security reconnaissance — understanding which ports are open on a target system is the first step in any security assessment. Go is an ideal language for this task because of its goroutines and channels, which make concurrent network operations both efficient and readable. Basic approach: Create a TCP dial attempt fo
Shounak Itraj
4 days ago · 1 min read
Content Security Policy
Content Security Policy (CSP) is a browser security mechanism that helps prevent cross-site scripting (XSS) and data injection attacks. It works by allowing web developers to specify which content sources are trusted, and instructing the browser to reject all others. How it works: CSP is delivered via an HTTP response header (Content-Security-Policy) or a meta tag. The policy consists of directives that specify allowed sources for different content types: scripts, styles, im
Shounak Itraj
4 days ago · 1 min read
Defending Against XSS Using CSP (script-src)
Content Security Policy (CSP) is one of the most powerful defences against Cross-Site Scripting (XSS) attacks. The script-src directive controls which scripts are permitted to execute in the browser, effectively blocking injected malicious scripts even if an attacker manages to inject content into your page. Key script-src approaches: nonce-based CSP: A cryptographically random nonce is generated per request and embedded in both the HTTP header and script tags. Only scripts
Shounak Itraj
4 days ago · 1 min read