1. JWT should not be your default for sessions
JWT is a bad default -- be deliberate and careful when you use it.

2. Exploiting custom protocol handlers for cross-browser tracking in Chrome, Firefox, Safari, and Tor
Protecting user privacy is a foundational capability of the web browser, and scheme flooding violates that capability.

3. Dustin Lehr -- Advocating and being on the side of developers
As AppSec people, work hard to be an advocate for your developers and evaluate tools that will work for them.​

4. Send My: Arbitrary data transmission via Apple's Find My Network
As consumers, we need to push back on this idea that our devices are used together to form super networks, without us opting in.

5. 47 powerful open-source app sec tools you should consider
Application security tools save us time by doing something manual and providing an automated series of steps to make the action repeatable.​