Topic: security
- What CSP Taught Me About Third-Party Resource Types (April 16th, 2026)
- How I Hardened Apollo's Scanner Against Prompt Injection (Two Cheap Fixes That Actually Work) (April 14th, 2026)
- How My Own Robot Reviewer Caught My Secret Sitting in `ps aux` (April 14th, 2026)
- Validate Your Env Vars at Boot — or Pay the Price Later (April 14th, 2026)
- SQL Injection Was Hiding in My Supabase `.not('in')` Calls (April 13th, 2026)
- The One-Liner That *Looked* Safe (and How an Origin Check Fixed It) (April 13th, 2026)
- How a Single String Was Gutting My Entire Content Security Policy (April 9th, 2026)
- The Auth Gate That Wasn't Guarding the Real Door (April 6th, 2026)
- An ID Is Not a Password: How We Closed an IDOR in Our Cancer Patient Chat App (April 3rd, 2026)
- How localStorage Bridged Sessions — And Then Became a Security Hole (April 3rd, 2026)
- How an Open Redirect Hid Inside Our Next.js Server Actions (April 2nd, 2026)
- Page Auth Doesn't Guard Server Actions — Every Action Needs Its Own Lock (April 2nd, 2026)
- The Supabase Linter Warning That Silently Empties Your Tables (April 2nd, 2026)
- Why I Stopped Trusting My Own Frontend (April 2nd, 2026)