- Burp Suite Pro — primary web application testing proxy
- csp-toolkit — my own Python library for CSP analysis
- Nuclei — template-based vulnerability scanner
- ffuf — web fuzzer for directory and parameter discovery
- httpx — fast HTTP toolkit for probing
Development
- Python — primary language for security tooling and automation
- VS Code — editor with Vim keybindings
- Hugo — static site generator (powers this site and appsec.fyi)
- Git — version control
Infrastructure
- Nginx — web server and reverse proxy
- Ubuntu — server OS
- Cloudflare — DNS
Hardware
- MacBook Pro — daily driver