
I’m a security researcher and application security engineer focused on vulnerability research, web security, and building tools to make application security easier. I founded the OWASP Indianapolis Chapter in 2005 and curate appsec.fyi, a collection of application security resources.
I’ve worked at Microsoft, Proofpoint, Salesforce, Teradata, and Anthem, and I’ve spoken at DerbyCon and CircleCityCon on topics like extending Burp Suite and Ruby security.
Featured Work
Enhanced Security Guides with 2026 Intelligence
Just completed: 20 comprehensive security guides enhanced with 180+ critical CVEs from 2026 using automated intelligence processing. The only security resource with real-time vulnerability integration powered by analysis of 10,247+ insights with 95.3% accuracy.
Explore Enhanced Security Guides → | Updated May 2026
OWASP Top 10 2025: Complete Developer Security Guide
Just released: The definitive guide to OWASP Top 10 2025 - the first comprehensive analysis of the latest web application security risks. Covers new categories like Software Supply Chain Failures and Exception Handling, plus major ranking changes that reflect modern attack patterns.
Why this matters: Based on analysis of 175,000+ CVE records, this isn’t just an update - it’s a complete rethinking of web security priorities. Supply chain attacks finally made the top 10, and security misconfigurations jumped to #2.
Read the Complete OWASP 2025 Guide → | Published May 2026
Security Topics
Explore by vulnerability class:
SSRF (Server-Side Request Forgery) - Complete prevention guide
XSS (Cross-Site Scripting) - Defense strategies & CSP implementation
Python Security - Secure development practices
Recent Posts
OWASP A05: Injection Prevention Guide 2025
OWASP Top 10 2025 Series: Complete guides to modern web application security vulnerabilities. Complete Guide OWASP …
OWASP A04: Cryptographic Failures Guide 2025
OWASP Top 10 2025 Series: Complete guides to modern web application security vulnerabilities. Complete Guide OWASP …
OWASP A03: Software Supply Chain Failures Guide 2025
OWASP Top 10 2025 Series: Complete guides to modern web application security vulnerabilities. Complete Guide OWASP …
Book Review: The Developer's Playbook for Large Language Model Security: Building Secure AI Applications
I’ve been doing application security long enough to get twitchy whenever a book has “AI” on the cover. …
Don't Trust JWT Headers: Algorithm Confusion Attacks Explained
I keep encountering this JWT vulnerability in Python codebases, and it’s particularly concerning because …