I didn’t get into security because it was a trendy field. It started back when I was a junior developer. At some point, I realized that being a developer isn’t just about writing code, seeing it work, and feeling satisfied.
Real people use the applications we build. That’s when I started asking myself questions:
- These users have access to the application, but what exactly can they
access?
- What permissions do they have?
- What if someone without proper rights could use a feature and harm other users?
- And what if that incident damaged the company’s reputation?
From that moment, I began to delve deeper into application and user security, and over time, I realized that security isn’t about adding extra layers later; it’s about responsibility for the people who trust our code.
Today, I see security as part of software architecture itself. It’s something that should be considered from the first line of code, not after deployment.
That realization made me want to understand what “secure code” really means, and that’s where my journey into application security truly began…