<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Refilwe Ledwaba</title>
    <description>The latest articles on DEV Community by Refilwe Ledwaba (@devguardlabs).</description>
    <link>https://dev.to/devguardlabs</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F4025957%2F99305317-e109-4297-8eba-011ceff95169.png</url>
      <title>DEV Community: Refilwe Ledwaba</title>
      <link>https://dev.to/devguardlabs</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/devguardlabs"/>
    <language>en</language>
    <item>
      <title>Building a Local-First ATO Risk Scorer: Looking for Security-Minded Feedback</title>
      <dc:creator>Refilwe Ledwaba</dc:creator>
      <pubDate>Sun, 12 Jul 2026 11:16:18 +0000</pubDate>
      <link>https://dev.to/devguardlabs/building-a-local-first-ato-risk-scorer-looking-for-security-minded-feedback-1cco</link>
      <guid>https://dev.to/devguardlabs/building-a-local-first-ato-risk-scorer-looking-for-security-minded-feedback-1cco</guid>
      <description>&lt;p&gt;I’ve been working on a lightweight, zero-dependency middleware for Node.js (Express, Next.js, Fastify) designed to solve a specific pain point: the trade-off between securing login flows and maintaining low-latency infrastructure.&lt;/p&gt;

&lt;p&gt;Instead of relying on heavy, third-party fraud APIs that introduce latency and require sending sensitive user telemetry off-server, I’ve built a local, tunable rules engine to handle ATO (Account Takeover) and SIM-swap detection natively.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;The Architecture:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Zero-Latency:&lt;/strong&gt; The logic runs entirely within the local request/response cycle.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Privacy-First:&lt;/strong&gt; All data stays within your private network.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Fail-Open Design:&lt;/strong&gt; Your authentication flow remains uninterrupted, even if the scorer encounters a logic exception.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Why I’m opening this up:&lt;/strong&gt;&lt;br&gt;
I’ve reached a point where I want to pressure-test the rules engine against real-world scenarios. I’ve just open-sourced the project under the &lt;strong&gt;DevGuard Labs&lt;/strong&gt; banner and am currently looking for developers to help beta-test the logic.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;How you can help:&lt;/strong&gt;&lt;br&gt;
If you're building auth-heavy applications, I’d love for you to take a look at the repo, see how the sliding-window velocity checks are handled, and let me know if you spot any edge cases.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Check out the repo here:&lt;/strong&gt;&lt;br&gt;
&lt;a href="https://github.com/blacksanddesignsandbranding-dot/account-takeover-risk-scorer" rel="noopener noreferrer"&gt;https://github.com/blacksanddesignsandbranding-dot/account-takeover-risk-scorer&lt;/a&gt;&lt;br&gt;
Any feedback—or even a Star if you find the approach useful for your own stack—would be greatly appreciated as I work on the next phase of the rules engine!&lt;/p&gt;

</description>
      <category>node</category>
      <category>security</category>
      <category>express</category>
      <category>webdev</category>
    </item>
  </channel>
</rss>
