I wrote a blog for AppSec practitioners about how you gather information about what is going on in the development organization.
Some of it is more relevant when contracting but a lot of it is relevant to internal people as well.
Comments
So just in case, here it is again:
https://www.bouncesecurity.com/blog/2025/01/06/situational-awareness-in-appsec