I’m a Security Engineer and a Software Developer with a real passion for cybersecurity, especially Product and Application Security. I have worked on both the defensive and offensive sides of cybersecurity. As a Security Consultant, I performed hundreds of offensive security assessments against web and mobile applications. As a Security Engineer, I developed a number of dedicated solutions to secure applications within CI/CD pipelines.

I’m more than happy to share my knowledge and experience with security enthusiasts, engineers, software developers and anyone willing to learn.

Krzysztof Pranczk

Security Engineer

Featured Blog Posts

Featured technical articles on my research work, popular DevSecOps tools, vulnerability management tips, and other security-related topics. For more, visit the blog.

Python for DevSecOps and Any Security Engineer

Does a DevSecOps Engineer need programming skills? What is the value of utilising Python for security purposes? What do you need to learn to automate security at scale? This article answers these questions.

A Practical Approach to SBOM in CI/CD Part I — CycloneDX

In this article, I present practical use cases for implementing SBOM generation and its benefits. The article covers the concept of an SBOM, its advantages, popular formats and practical implementations for both Java and Python projects.

Introduction to Security in SDLC with SAST for Developers and Security Engineers

Presenting an introduction to Static Application Security Testing (SAST) with examples of how SAST and secrets detection can be implemented in the SDLC. This article covers what SAST is and its advantages. Furthermore, it describes how SAST can be included in various SDLC stages with real-world examples.

Web API Security Champion Series

Unrestricted Resource Consumption in a Password Reset — Web API Security Champion Part IV

Presenting an Unrestricted Resource Consumption vulnerability class using a password reset feature as an example.

Web API Security Champion Part III: Broken Object Property Level Authorization (OWASP TOP 10)

Broken Object Property Level Authorization presented in a practical way, with methods for identifying and preventing these vulnerabilities based on OWASP guidance.

Web API Security Champion Part II: Broken Authentication (OWASP TOP 10)

Explaining one of the most common web API vulnerability classes, Broken Authentication, in a practical manner. Providing a case study example based on the Damn Vulnerable RESTaurant API, including methods for identifying and preventing these vulnerabilities.

