30 articles tagged with "security"
I pointed my SDR at 2.4 GHz and discovered my smart home devices are CHATTY. Bluetooth Low Energy packets everywhere! Here's how I decoded BLE traffic, reverse engineered smart device protocols, and learned that wireless security is... interesting. Welcome to the world of BLE sniffing!
Want to contribute to open source but tired of todo apps? Security projects need contributors, and you don't need to be a hacker! Let me show you how to get started in the coolest corner of open source.
The simplest hack that still works in 2026: just change a number in the URL. Here's why your API is probably leaking user data right now and how to actually fix it.
You're serializing objects without a second thought? Yeah, about that... Let me tell you how attackers turn your innocent data into remote code execution nightmares.
After 7 years of production deployments and one very public GitHub leak that cost us $3,000 in AWS charges, I learned that managing secrets isn't optional - it's survival. Here's how to stop hardcoding passwords like it's 2005!
Think accepting serialized data is safe? Think again! Learn how deserialization attacks turn innocent-looking data into remote code execution nightmares.
Stop putting authorization logic everywhere! Let's use Laravel Policies and Gates to keep your code clean and your users in their lane.
Using GitHub Actions to deploy your open source project? Cool! Accidentally giving hackers access to your AWS keys, npm tokens, and production secrets? Not cool! Learn how to secure your CI/CD pipeline before you become a cautionary tale on Twitter.
Think your firewall is protecting you? HTTP Request Smuggling is the sneaky attack that slips right past your defenses. Here's how it works (and how I found one).
Your Lambda has full admin access 'just to be safe'? Your access keys are hardcoded? After 7 years of AWS deployments, here are the IAM mistakes that will haunt you at 3 AM when you get the security breach notification!
That innocent XML file upload? It might be reading your server's /etc/passwd file right now. Let's talk about XXE - the vulnerability that turns parsers into weapons.
Want to get paid to break into websites? Welcome to bug bounty hunting! Here's how I got started finding vulnerabilities and why you should too.
You just npm installed a package and gave a stranger root access to your machine. Congrats! After building Node.js apps in production, here's why your node_modules folder is scarier than any horror movie!
Ever wonder what's ACTUALLY happening on your WiFi network? I put my wireless adapter in monitor mode and saw EVERY packet flying through the air. Passwords, cookies, DNS queries... the WiFi spectrum tells all. Here's what I learned about wireless security!
That old subdomain you forgot about? It might be your biggest security hole. Here's how hackers hijack subdomains and how to stop them!
CSP is like hiring a bouncer for your website - it decides what scripts can run and what gets kicked out. Let's make security headers fun!
Committing API keys to Git? Hardcoding database passwords? Let's talk about managing configs and secrets the RIGHT way - because 'It works on my machine' isn't a deployment strategy!
Coming from 7 years of web dev, I never thought memory safety would matter to me. Then I started building RF/SDR tools and security utilities. Rust changed everything. Here's why memory-safe code is your secret weapon against hackers!
Your S3 bucket is probably leaking data AND money right now. After years of architecting on AWS, here are the S3 gotchas that bite everyone - from accidentally public buckets to storage costs that spiral out of control!
Think throwing your app in a container makes it secure? Think again! Let's talk about Docker security holes that'll keep you up at night - and how to fix them.
Think your file uploads are safe? Let me show you how hackers use '../' to read your passwords, SSH keys, and database configs. It's scarier than it sounds!
Was building my 'perfect' framework with DDD, TDD, and Clean Architecture. Ended up finding security bugs in Laravel instead. Classic developer move.
Cross-Site Scripting is like letting strangers write graffiti on your website... except the graffiti can steal passwords. Let's fix that!
Your website is walking around naked in a dangerous neighborhood. Security headers are like free body armor - and you're probably not using them. Here's how 5 lines of config can stop most attacks cold.
Think SQL injection is old news? Think again. It's STILL the #1 way databases get pwned in 2026. Here's how hackers do it, why your code is probably vulnerable, and how to actually fix it.
Think your password is safe because you only used it on 'a few sites'? Plot twist: it's already leaked, tested on 10,000 websites, and up for sale. Here's how credential stuffing works and how to stop being an easy target.
Getting 'blocked by CORS policy' errors? Thinking about just disabling it? DON'T. Here's why CORS exists, why your '*' wildcard is dangerous, and how to fix it properly.
Think JWTs are secure by default? Think again! Here's how developers accidentally turn authentication tokens into security disasters - and how to fix them.
Middleware is like having a bouncer at your app's door. Let's learn how to use it without getting kicked out!
Think sessions are boring? Wait until someone steals yours and takes over your account. Here's how session hijacking works, why your cookies are treasure, and how to protect them like Fort Knox.