Security
AppSec for builders: auth, secrets, supply chain, and the vulnerabilities that actually bite production systems.
5 articles

Your app is mostly code you didn't write. How dependency supply-chain attacks happen, and a practical playbook for auditing what you ship. (6 min read)

Env vars feel like the safe place for API keys and passwords. Here are the quiet ways they leak — and how to keep secrets out of sight. (6 min read)
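One quiet way an environment variable leaks, shown here as an added example (Python) rather than code from the listed article: a child process spawned with the default `env=None` inherits a copy of the parent's entire environment, secret included, even if the child never needs it. The variable name `API_KEY`, its value, and the allowlist of variables the child is permitted to see are all constructed for this demonstration.

```python
import os
import subprocess
import sys

# Constructed for the demonstration: the name and value of the secret that
# the parent process holds in its environment.
SECRET_NAME = "API_KEY"
SECRET_VALUE = "sk-constructed-demo-value"

# The child simply reports whether it can see the secret. Nothing is printed
# to the parent's stdout; the value is returned so it can be asserted on.
CHILD_CODE = (
    "import os, sys; "
    f"sys.stdout.write(os.environ.get('{SECRET_NAME}', '<absent>'))"
)


def spawn_with(env):
    """Run a child Python interpreter with exactly `env` and return what it saw."""
    result = subprocess.run(
        [sys.executable, "-c", CHILD_CODE],
        env=env,
        capture_output=True,
        text=True,
        check=True,
    )
    return result.stdout


def parent_environment():
    """Simulate a parent process whose environment carries the secret."""
    env = dict(os.environ)
    env[SECRET_NAME] = SECRET_VALUE
    return env


def leaky_spawn():
    """The default: the child receives the whole parent environment.

    subprocess.run(..., env=None) does exactly this; here the parent
    environment is passed explicitly so the demonstration is self-contained.
    """
    return spawn_with(parent_environment())


def scrubbed_spawn():
    """Hardened: the child receives only an explicit allowlist of variables.

    The allowlist below is an assumption for the demo; in practice it holds
    whatever the child genuinely needs (PATH, locale, temp directory), never
    the secret.
    """
    allowlist = ("PATH", "HOME", "LANG", "LC_ALL", "TMPDIR", "TEMP", "TMP", "SYSTEMROOT")
    child_env = {k: v for k, v in parent_environment().items() if k in allowlist}
    return spawn_with(child_env)


if __name__ == "__main__":
    print("default spawn, child sees:", leaky_spawn())
    print("scrubbed spawn, child sees:", scrubbed_spawn())
```

The same inheritance applies to shell scripts, cron jobs, and anything launched through `os.system` or `exec`, which is why a secret that "only lives in the environment" tends to show up in a crash dump or a child's debug log. Passing an explicit environment to every spawn is the cheap fix; keeping the secret out of the process environment altogether is the better one.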

SQL injection is decades old and still breaching databases. Why it survives modern frameworks, and the parameterized patterns that kill it. (6 min read)
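The contrast the summary points at, shown as an added example (Python with the standard-library `sqlite3` module) that is not code from the listed article: the same lookup written once by splicing user input into the SQL text and once with a bound parameter, run against a constructed in-memory `users` table. The table contents and the payload are made up for the demonstration.

```python
import sqlite3


def build_db():
    """Constructed fixture: two user rows in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Deliberately vulnerable: the input becomes part of the SQL grammar.

    For a benign username this returns exactly what the developer expects,
    which is why it survives code review and tests.
    """
    sql = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Hardened: the value travels to the driver separately from the SQL text.

    Whatever the string contains, it is compared as data; it can never close
    the quote or add a clause.
    """
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Classic tautology payload (constructed): closes the quote, then appends an
# always-true condition so the WHERE clause matches every row.
PAYLOAD = "x' OR '1'='1"


def demo():
    """Return the four results side by side so the difference is visible."""
    conn = build_db()
    return {
        "vulnerable/benign": lookup_vulnerable(conn, "alice"),
        "vulnerable/payload": lookup_vulnerable(conn, PAYLOAD),
        "parameterized/benign": lookup_parameterized(conn, "alice"),
        "parameterized/payload": lookup_parameterized(conn, PAYLOAD),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:>22}: {rows}")
```

The vulnerable version returns both rows for the payload because the executed statement is `... WHERE username = 'x' OR '1'='1'`; the parameterized version returns nothing because it looks for a user literally named `x' OR '1'='1`. The same rule carries over to ORMs and query builders: any API that accepts a raw SQL fragment (`raw()`, `extra()`, `text()`) reopens the first path unless the values are still bound separately.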

Why localStorage is the wrong home for your JWTs, how XSS turns it into a token vault for attackers, and what to do instead. (5 min read)

A post-mortem on a broken access control bug that exposed other users' data — what went wrong, how we caught it, and how to prevent it. (5 min read)