
Posted by: Pasindu Dissanayaka

Posted on: Jun 15, 2025

Web Application Security Series: Introduction

This series is going to be more detailed than my usual posts. Often, I see senior developers and tech leads blindly praising and placing faith in frameworks, assuming they make applications bulletproof by default. To be honest, most modern frameworks do promote secure coding practices and actively help mitigate common vulnerabilities. But relying solely and blindly on them is a dangerous assumption, especially for public-facing web applications.

There are already excellent articles out there that focus on secure development practices — but most of them come purely from a developer's point of view. Unless you've had exposure to cybersecurity or learned how to “think like a hacker,” you’re likely missing entire classes of potential threats.

My goal with this series is to shift your mindset. I want you to ask: “What if the attacker is already inside?” From there, we’ll explore the practical ways I secure applications during development, deployment, and post-release.

Upcoming Topics

Web Application Security: Basics

Web Application Security: Intermediate