Ken Johnson

Check out my latest article: The Software Security Market Is Broken Right Now - Here’s What Actually Matters linkedin.com/pulse/software… via @LinkedIn

PR FEEDBACK IS LIVE IN DRYRUN SECURITY 🔥🔥🔥 When a security finding shows up in a pull request, it shouldn’t turn into a side quest. PR Feedback closes that loop. Now when DryRun Security flags something, developers can reply directly in the thread to mark a false positive or nitpick. DryRun updates the findings instantly, regenerates the PR summary, and logs the action for a clean audit trail. No tickets to file. No separate workflow to manage. No chasing someone down to clear it. Read how it works → dryrun.security/blog/security-…

Next week, @jcran and @cktricky are doing Security Reviews, IRL: a live GitHub PR walkthrough with real agent-generated changes (Claude, Cursor, Devin) and the logic flaws that almost shipped. 🗓️ Join us: Feb 25, 1 PM EST Register at dryrun.security/webinar/securi…

Developers are already using AI in production, but most AppSec programs were not designed to see or control what happens inside LLM workflows causing blind spots across prompts, generated code, and tool calls. Join this live fireside chat "Code Velocity in an AI-era: How AppSec Teams Can Stay Ahead" with Adam Dyche, @wickett, @cktricky, and Zac F. They will explore how real teams are applying existing AppSec fundamentals to secure AI powered applications without rebuilding their entire stack. 🗓️ Feb 4 | 1:00 PM ET Save your spot and join the conversation 👉 lnkd.in/gpxEBNA9

AI did not create entirely new AppSec problems. It changed where they show up. Prompts. Generated code. Tool calls. Model integrations. The risks are familiar. The workflows are not. Join our live fireside chat, Code Velocity in an AI-era: How AppSec Teams Can Stay Ahead, with Adam Dyche with @poweredbyCMRC, @wickett , @cktricky, and Zac Fowler with DryRun Security. They'll unpack how real teams are securing LLM-powered applications without rebuilding their entire AppSec stack. 🗓️ Feb 4 | 1PM ET Register 👉 na2.hubs.ly/H037Qhw0

Are you itching to talk about the new #OWASPTopTen? Well today you have good fortune because @infosecdad is coming on the @absoluteappsec podcast with @cktricky and @sethlaw to discuss all the ins and outs. 12 Noon Eastern the livestream starts here: youtube.com/watch?v=YfDY6w…

📣REGARDING OWASP TOP 10 2025 - RC1📣 We had @infosecdad Brian Glas - the lead on this project - on the @absoluteappsec podcast with @sethlaw and I earlier today discussing what all went into the updates and refresh, check it out! youtube.com/watch?v=YfDY6w…

I posted this last Friday on LinkedIn, do you disagree? Let me hear you if so 😄

Absolutely brilliant detail from the new Reddit AI copyright lawsuit vs. Perplexity. They set a trap for Perplexity - a test post only crawlable by Google, existing nowhere else on the internet. Within hours, it was on Perplexity 😳 nytimes.com/2025/10/22/tec…

.@dryrunsec is always transparent about the good & the bad: dryrun.security/blog/how-we-tu…

Nearly spit out my coffee this morning when I read: "The World’s First Agentic Security Orchestration System" 🤣

😍😍😍

From alert to assurance in minutes. CTO and Co-founder @cktricky walks through how DryRun Security Code Insights MCP helps teams investigate NPM supply chain threats without manual toil, saving hours of effort. Teams use Code Insights MCP to move faster during incidents and reduce noisy, repetitive work from audits to alerts. 👀 Watch the rundown and see how to apply it in your environment.

Check out my latest article: Insights & malicious NPM packages linkedin.com/pulse/insights… via @LinkedIn

Been waiting to share this publicly and now we're here. We built the next HUGE efficiency gain for app/prod-sec teams. Imagine have total visibility into what is happening within your organization. 🙌🙌🙌

CodeRabbit RCE wasn’t prompt injection—it was tool execution + isolation drift + secrets exposure. We’ve stumbled too (IDOR in closed beta), which is why our sandboxed approach avoids this class of risk. 🔗Read more: na2.hubs.ly/y0S7hz0

Thanks again to The Boring AppSec podcast for having me on! You can check out the episode, here: youtube.com/watch?v=sLW1yM…

Constructing a Trustworthy Evaluation Methodology for Contextual Security Analysis dryrun.security/blog/construct…

One of my favorite features and something we've been delivering & improving on for over a year now. I wish this was available to me when I worked as a defender - could have saved us from sooooo many bug bounty submissions.

Less than 1 week out (June 16/17) and @sethlaw and I still have seats left for our remote/virtual (AI Enhanced) Manual Secure Code Review course. Sign up at the @absoluteappsec site: training.absoluteappsec.com