Security · 5 articles
Your app is mostly code you didn't write. How dependency supply-chain attacks happen and a practical playbook for auditing what you ship.
Env vars feel like the safe place for API keys and passwords. Here are the quiet ways they leak — and how to keep secrets out of sight.
SQL injection is decades old and still breaching databases. Why it survives modern frameworks, and the parameterized patterns that kill it.
Why localStorage is the wrong home for your JWTs, how XSS turns it into a token vault for attackers, and what to do instead.
A post-mortem on a broken access control bug that exposed other users' data — what went wrong, how we caught it, and how to prevent it.