Series

The AppSec Maturity Journey

The AppSec Maturity Journey is a practical series on building and evolving an Application Security programme in real enterprise environments.

It focuses on real-world milestones, solving large-scale asset visibility challenges, moving from managed to owned security controls, and building governance that actually works at scale. Each article breaks down the constraints, decisions, and trade-offs behind maturing AppSec in complex organisations.

This series is aimed at security engineers and AppSec practitioners who care less about theory and more about what actually works in production.

Securing 200+ Web Assets When You Don't Even Know What You Have
A practical walkthrough of building asset discovery, verification, classification, protection and governance across a multinational with 50+ business units, starting from zero visibility.
Apr 27, 20269 min read30
Moving From a Managed WAF to One We Actually Owned
A practical account of evaluating, proof-of-concepting, and migrating 100+ web assets to Imperva over four months, without taking down a single business-critical application.
May 8, 202610 min read21

Command Palette