Huge thanks to the @LASCONATX volunteer team (incredible hosts) and to everyone who stopped by our booth for great #appsecurity conversations. If you missed it live, catch @wickett's talk "Out of Control: Promise Theory and the Future of Code Security Agents" slides here:

Stop writing policies like it’s 2015. We use natural language and an agentic approach to understand code context in every PR so your AppSec is fast, accurate, scalable. Read more about each step of our journey at https://t.co/fWxzHRaSBW

Thrilled to team up with @secdim to connect DryRun Security contextual risk insights with hands-on secure coding labs. This helps engineering teams turn findings into learning and fixes faster. Thanks, Pedram, for this innovative use case for the DryRun MCP!

From alert to assurance in minutes. CTO and Co-founder @cktricky walks through how DryRun Security Code Insights MCP helps teams investigate NPM supply chain threats without manual toil, saving hours of effort. Teams use Code Insights MCP to move faster during incidents and

Get superhuman visibility into your security posture, architecture, and more! Announcing DryRun Security Code Insights MCP. Now you can ask your code what changed and why: 👉 “Hey DryRun, are there any new admin endpoints this week?” 👉 “Which PRs touched auth or payments?”

CodeRabbit RCE wasn’t prompt injection—it was tool execution + isolation drift + secrets exposure. We’ve stumbled too (IDOR in closed beta), which is why our sandboxed approach avoids this class of risk. 🔗Read more: https://t.co/LwC0X7yJEJ

📣📣📣 The Boring AppSec Podcast Ep. 22 is out with @cktricky (Co-Founder and CTO @dryrunsec )! I really enjoyed this conversation with @JubbaOnJeans and Ken as all of us have been building in the AI space for some time now and have stumbled upon similar blockers and

4/4 Read more about the SQLi analysis update to the DryRun Security AppSec Analyzer and how it works at

3/4 It’s time to take control of your application security risk. Schedule a demo and see what’s possible at https://t.co/LEepYhS0Eg or install DryRun Security in seconds to see for yourself at https://t.co/FJYUtFvVjo 🌟 Support for more languages and frameworks coming soon!🌟

2/4 Python Django and GORM are modern frameworks designed with security in mind. However, even in these environments, developers can inadvertently introduce SQLi vulnerabilities through unsafe queries.

1/4 🎉 Today we introduce an exciting update: We’ve integrated SQLi analysis into our automated secure code reviews. Now, the GitHub app will analyze your code for SQLi vulnerabilities for Python Django and GORM in seconds using the DryRun Security AppSec Analyzer.

This is where developers and security meet! 🔗 Listen to the whole talk at https://t.co/qicasB7dpc #DevSecOps

5 / But there is hope! Contextual Security Analysis (CSA) can lead the way forward. Implementing security as context uses all available context gathered as developers are writing code to make contextually aware assertions.

4 / ↗ Increase in security work 🚧 New gates and added complexity 👉 Developers are expected to decode findings 🐢 Slower build times Not only is there some friction between dev and security but security is outnumbered: ❗ 100 Dev: 10 Ops: 1 Sec

3 / In the attempt to make our apps more secure, we’ve had some negative outcomes. The purpose of the Shift Left approach is good but we can now see the penalties:

2 / If you didn’t get to hear James Wickett’s talk at Developers & Security are Friends Day 2023, you can now! In James’ session, “Context Over Mandate,” he calls out the unfriendly stereotypes that developers and security often believe of one another—which are not true.

The threat landscape is shifting. The breaches aren’t stopping. We’re negatively incentivizing developers. Productivity deceleration of the organization is happening. What do we do about it? 🧵

@wickett @cktricky If you'd like to learn more about Contextual Security Analysis (CSA) beforehand, you can download our free guide at

Will you be at #OWASP Global DC 2023 next week? Stop by our booth to get your stamp on the Vendor Passport and win a Flipper Zero with MicroSD! Then chat with co-founders @wickett and @cktricky about Contextual Security Analysis and how this approach is changing #DevOps.

6/ Our team is pumped to meet you at #OWASP Global AppSec DC. Let's talk about shaping the future of AppSec together. See you there! #appsec