AAAmanda Alleninamandaallen.hashnode.dev·Jun 25 · 5 min readPlaywright-Based Application Journey Testing Patterns for Modern Engineering Teams Security testing has a visibility problem. Most application security tools spend the majority of their time scanning pages that anonymous users can access. They identify missing headers, exposed para00
AAAmanda Alleninamandaallen.hashnode.dev·Jun 8 · 4 min readWhy Broken Access Control Continues to Dominate Web Application Security in 2026Web application security has evolved significantly over the last decade. Organizations invest heavily in security testing, secure development practices, cloud security, and automated scanning. Yet one00
AAAmanda Alleninamandaallen.hashnode.dev·May 28 · 6 min readDynamic Application Security Testing (DAST) Explained: How It Works and Why Modern Web Apps Need ItWhat Is DAST? Dynamic Application Security Testing (DAST) is a black-box security testing technique that tests a running application from the outside, the same way an attacker would. Unlike Static App10
AAAmanda Alleninamandaallen.hashnode.dev·May 20 · 8 min readWhy Your Enterprise API Security Testing Program Is Producing False Confidence (And How to Fix It)Enterprise organizations are running more API security tests than ever. They are also experiencing more API-related breaches than ever. These two facts are not in contradiction. They reflect a fundame10
AAAmanda Alleninamandaallen.hashnode.dev·May 6 · 5 min readAI-Powered Penetration Testing Is No Longer Experimental. Here's What's Actually Happening The developer security conversation has been dominated by shifting left, SAST tools, and secure-by-default frameworks for years. That conversation isn't going away, but a parallel transformation is ha10