Tag
21 articles tagged #Security.
P.01Tailscale creates a private mesh network across any combination of cloud servers, developer laptops, and office machines — without port forwarding, firewall rules, or dedicated VPN hardware.
P.02Row Level Security moves data isolation into the database where it belongs. Here's how to set it up for a multi-tenant SaaS, handle common edge cases, and avoid the traps that break it.
P.03When your AI agent needs to run the code it writes, you can't let it touch your production servers. Here's how the main isolation options work and when to use each.
P.04The implicit flow is dead, and most tutorials still teach it. Here is how authorization code flow with PKCE actually works, how tokens should be stored, and where most SPA auth implementations go wrong.
P.05From .env files to Vault to AWS Secrets Manager: a practical guide to storing credentials, API keys, and certificates without waking up to a breach notification.
P.06Leaked credentials are the most preventable category of security breach. Here is an honest look at when you need a dedicated secrets manager, which tool to pick, and what to do if you're still on .env files.
P.07Running containers in production without scanning them is the equivalent of shipping code without running tests. Here's how teams scan images, generate SBOMs, and add runtime protection, from the CI step to the cluster.
P.08Passkeys are no longer an experimental feature. Apple, Google, and Microsoft all support them natively. Here's what WebAuthn actually looks like in code and when passkeys make sense for your app.
P.09Prompt injection is the SQL injection of the AI era. As LLMs ship into production apps by the millions, attackers are learning how to hijack them through the data they consume. Here's what the attack looks like and how to defend against it.
P.10Explore ZeroDayBench—A new benchmark testing the efficacy of leading LLM agents in discovering and patching unseen security vulnerabilities.
P.11An honest analysis of Claude Code's security model, prompt injection risks, sandbox escapes, and supply chain threats in agentic coding tools. Lessons every developer and tool builder should learn in 2026.
P.12A step-by-step methodology for implementing Software Bill of Materials (SBOM) generation, dependency scanning, and vulnerability management in your CI/CD pipeline.
P.13A comprehensive security briefing covering February 2026's most critical vulnerabilities including OpenSSL RCE, Foxit PDF Reader zero-days, Chrome V8 exploits, and Linux kernel privilege escalation.
P.14SOC 2 is not as scary as it sounds. Here is what engineering teams actually need to implement, the tools that automate 80% of it, and what to skip.
P.15NIST finalized post-quantum standards in 2024. Harvest-now-decrypt-later attacks are already happening. If your migration plan starts with 'we will deal with it when quantum computers arrive,' you are already behind.
P.16Supply chain attacks have surged 742% since 2019. SBOMs are now legally mandated for federal software and EU market access. Here is how to implement them without slowing down your CI/CD pipeline.
P.17EditorPickOkta warns of a critical 'authorization gap' where AI agents retrieve data with elevated permissions but post to shared spaces where anyone can see. Four major vendors already hit with CVSS 9.3+ vulnerabilities.
P.18A CVSS 10.0 remote code execution vulnerability in React Server Components has been actively exploited in the wild. Here's the full breakdown of React2Shell, the follow-up DoS CVE, patching guidance, and lessons for React developers.
P.19EditorPickA trademark dispute, crypto scammers, 100K GitHub stars, a social network for AI agents, and a security crisis — the Clawdbot saga has everything. Here's the full story of the viral AI assistant that broke the internet.
P.20EditorPickAI agents are being deployed everywhere, but their security surface is wildly underexplored. From tool poisoning to memory injection, here's the threat landscape developers must understand in 2026.
P.21From supply chain attacks to AI-powered threats, learn the essential security practices every developer must know in 2026 to build secure applications.