Browsing Tag
security
286 posts
I built an open-source DAST scanner that outfound ZAP
I built KageSec. What’s wrong with existing DAST tools Nuclei is great — ProjectDiscovery built something genuinely impressive.…
The First LLM Agent Cyberattack: How an AI Hacker Exfiltrated a Database in Under an Hour
The First LLM Agent Cyberattack: How an AI Hacker Exfiltrated a Database in Under an Hour On May…
I built an open-source dependency intelligence platform in TypeScript — here’s how it works
Most teams find out their dependencies are risky after something breaks. A maintainer disappears, a vulnerability sits unpatched…
Why output-stage PII masking is the wrong protective surface for data exfiltration in RAG
“The output filter runs after the LLM has already seen the confidential data. By then, three classes of…
vens-action: reranking Trivy/Grype CVEs by real risk in CI
If you run Trivy or Grype in CI and triage the output by CVSS, this is the thing…
What Exactly Encription is?
When you open messaging apps like WhatsApp, you probably see alerts like: Your messages are end-to-end encrypted. But…
Django Session Cookie vs localStorage JWT Security Comparison
Django Session Cookie vs localStorage JWT Security Comparison A team ships a Django REST Framework API, adds a…
I tested 4 AI agent-governance tools against an open spec – here’s the matrix
The scenario Your AI agent just deleted a customer record. Three months later, an auditor asks you to…
Alert Fatigue Is a Design Choice: Building Views That Actually Help
The default dashboard in your CSPM tool is almost certainly wrong for you. Not wrong as in broken.…
Pre-fork due diligence for OSS contributors
Note: This article was researched and drafted with AI assistance (Claude Sonnet 4.6 via Claude Code). All claims…
