DEV Community: milad

The Programmer’s Journey: An Illustrated Path to Mastery

milad — Tue, 09 Jun 2026 06:50:56 +0000

Have you ever felt like the world of programming is an endless, shifting maze? Every day, there are new languages, frameworks, and technologies popping up. But if we were to zoom out and visualize this grand adventure, what would the landscape look like?

The image at the top of this post, the "Programmer’s Journey," is a metaphor for the evolution of a developer—from a novice standing in the forest of basics to an architect standing on the mountain peak of mastery. Let's explore the landscape.

1. The Fundamentals Forest: Where Roots Take Hold

Every great journey begins with a single step. At the bottom of our map lies the "Fundamentals Forest." This is the proving ground where every great programmer starts:

Programming Logic: Mastering the art of algorithmic thinking.
Data Structures & Algorithms: The essential pillars that allow you to solve complex problems efficiently.
Core Languages: Starting tools like Python, JavaScript, HTML, and CSS that provide the foundation for everything to come.

2. The Great Fork in the Road: Choosing Your Path

As you progress, the path splits, forcing you to choose your area of expertise:

The Back-end Kingdom: If you are drawn to logic, database management, server architecture, and complex systems, this road leads you to the powerful Server Citadels.
The Front-end City: If you are passionate about design, user experience (UI/UX), and creating the interactive visual world, you enter a vibrant city built on skyscrapers of technology like React and Vue.

3. The Systems Deep: For the Adventurous Souls

Not every developer chooses the high-level path. Some prefer to dive deep into the bedrock—the "Hardware Dungeons" and "Assembly Archives." This is the realm for those who want to understand exactly what happens beneath the hood of the machine. It is a challenging, darker path, but it grants a profound understanding of how computers truly function.

4. The Zenith of Mastery: The Architect’s Hub

Where is the ultimate destination? The peak of the mountain! Here, the focus shifts from syntax and libraries to higher-level thinking. At the "Architect’s Hub," a developer evolves into a Software Architect. This is where you master:

Software Architecture: Designing robust, scalable, and maintainable systems.
Team Leadership: Mentoring others and guiding large-scale projects.
Innovation: Combining deep technical knowledge with creativity to build the future.

Final Thoughts

This map reminds us that programming is not just about writing code; it is a journey. You might get stuck in the "Fundamentals Forest" for a while, or get lost in the bustling "Front-end City," and that’s perfectly normal. The most important thing is to understand where you are and keep moving forward.

Where do you stand on this map right now? Are you still traversing the forest, or are you currently building castles in the Back-end Kingdom? Let me know in the comments—I’d love to hear about the biggest challenges you're facing in your learning journey!

Built a GitHub Dashboard so I don't have to update my portfolio manually anymore

milad — Sat, 06 Jun 2026 10:33:51 +0000

The problem

I hate updating my portfolio.

Every time I push a new project, I have to manually add it to my portfolio website. Update the description, the tech stack, the link. It's boring. It's repetitive. I kept "forgetting" to do it.

So I stopped.

The solution

Build something that does it for me.

GitHub Developer Dashboard — a live portfolio that pulls everything straight from GitHub. No manual updates. No excuses.

What it looks like

Live GitHub data (repos, stars, followers) • Contribution graph • Smart project filtering • Language breakdown • Clean dark UI

Tech stack

· React 18
· Vite (because I'm impatient)
· TailwindCSS
· GitHub REST API

How it works

You drop your GitHub username and token in .env
The dashboard fetches your repos, stars, followers, contribution data
It caches everything so you don't hit rate limits
Updates in real-time when you push new code

Why I like it

· Zero maintenance — push to GitHub, it just shows up
· Actually useful — I can see my language stats without digging through API docs
· Looks decent — dark mode, cyber-inspired, not an eye sore

What I learned

· GitHub API rate limits are annoying (use a token, kids)
· Caching is your best friend
· Vite is stupid fast compared to CRA

Check it out

🔗 GitHub: https://github.com/miladrezanezhad/GitHub-Developer-Dashboard

⭐ Star if you're tired of manual portfolios too.

What's next?

· Search for any GitHub user (not just yourself)
· More filtering options
· Maybe a light mode? (if people really want it)

Drop your thoughts below. Or roast my code. Either way. 👇

I got tired of manually testing API rate limits, so I built a tool

milad — Sat, 30 May 2026 14:02:35 +0000

So here's the thing.

I was working on an API the other day — just a small internal tool — and I realized I had no idea if it had rate limiting or not. Like, at all.

I sent 200 requests in a loop with a bash script (don't judge me) and... nothing. No 429, no blocking, just happy 200s. My little API was basically begging to get brute-forced.

That's when I thought: there has to be a better way than writing a janky script every single time.

So I built API Security Auditor Pro.

What does it actually do?

It's just a CLI tool. Nothing fancy. You give it a URL, it does three things:

Tests for rate limiting — sends a bunch of requests and checks if you ever get a 429. If not? That's a red flag.
Checks security headers — you know, HSTS, CSP, all those things we forget to add.
Looks for weird stuff — like APIs returning way too much data or missing auth checks.

Nothing revolutionary. Just the boring stuff that actually matters.

Here's why I like it

It's fast. Like, really fast. No heavy setup, no cloud nonsense.
Docker support. Because who wants to install Python dependencies at 2 AM? docker run ... and you're done.
Output formats you can actually use. JSON for scripts, HTML for sending to managers who want "reports".
CI/CD ready. I threw it in a GitHub Action and now it runs every night. Found a staging API with no rate limiting on day 2.

Show me the code already

Fine. Here you go:

# Install it
pip install api-security-auditor-pro

# Test a public API (no rate limiting — oops)
api-auditor test-rate-limit https://jsonplaceholder.typicode.com/users

# Try it on GitHub's API (they actually do it right)
api-auditor test-rate-limit https://api.github.com/users/octocat --requests 100

# Save a report for your boss
api-auditor scan https://your-api.com --output report.json --format json
api-auditor report report.json --output look_how_secure_we_are.html

Real talk — does it work?

I tested it on:

GitHub API → ✅ Has rate limiting (returns 429 like a champ)
JSONPlaceholder → ❌ No rate limiting at all (classic)
A random e-commerce API I found → ❌ No rate limiting AND missing security headers. Yikes.

So yeah. It finds problems.

What's next?

I just released v1.0. It's stable, it works, and I actually use it on my own projects.

Future stuff I'm thinking about:

Authentication support (Bearer tokens, API keys)
GraphQL support
More vulnerability checks (OWASP Top 10 for APIs)

Links (because you're going to ask anyway)

GitHub: miladrezanezhad/api-security-auditor-pro
PyPI: pip install api-security-auditor-pro
Docker: docker pull miladrezanezhad/api-security-auditor-pro

One last thing

If you try it and it breaks — open an issue. If you like it — drop a star. If you have ideas — I'm all ears.

I built this because I needed it. But maybe you do too.

Go audit your APIs. You might be surprised.

— Milad

P.S. The tool won't attack your API. It just sends normal requests and looks at responses. Safe enough for production (but maybe test on staging first, yeah?).

Web Security Analyzer Pro v3.0 — I built 49 security modules, but I need your help

milad — Fri, 15 May 2026 07:54:03 +0000

👇 The honest truth

Three months ago, I started building a web security scanner.

Today, it has:

49 security modules (WordPress, cPanel, SQLi, XSS, SSL, API security, etc.)
Advanced SQL injection detection (error-based, boolean blind, time-based, UNION)
WAF evasion engine (detects 9 WAFs + Cloudflare, Sucuri, ModSecurity)
Built-in CVE database (2024–2026 vulnerabilities with CVSS scores)
HTML, PDF, Markdown, JSON reports
230+ automated tests (99.5% pass rate)

And it's completely free and open source under MIT license.

But here's the part I don't put in the README:

🐛 It's not perfect. And I need help.

This is a one-person project. I've tested it on dozens of targets, but:

Some modules fail on edge cases I haven't seen
The SQLi detector works great on MySQL, less tested on PostgreSQL
DOM XSS detection needs more real-world validation
The evasion engine works against 9 WAFs — but new WAFs appear every week
I'm sure there are bugs I don't even know about

I'm not looking for praise. I'm looking for people who will break this tool and tell me how.

🎯 Who this tool is for

Web developers who want to audit their own sites before deployment
Security researchers who need a free, scriptable scanner
Penetration testers who want a second opinion alongside Burp/ZAP
DevOps engineers who need CI/CD integration (REST API + JSON output)
Students learning web security (the code is open, modules are simple)

What this tool is NOT:

A replacement for Burp Suite Pro or Acunetix
A zero-day finder
An automated hacker machine

It's a free, honest scanner that catches low-hanging fruit and helps you understand your security posture.

🛠️ How you can help

Run it on your sites (with permission — read the LEGAL WARNING first)
Open an issue when it crashes, misses something, or gives a false positive
Send a pull request for a bug fix or new module
Share your test results — even failures help me improve

The code is modular. Adding a new module takes ~50 lines. The Wiki has templates.

📦 Quick start

git clone https://github.com/miladrezanezhad/web-security-scanner-pro.git
cd web-security-scanner-pro
pip install -r requirements.txt
python main.py scan https://your-test-site.com --mode stealth

Or just run python main.py for interactive mode.

⚠️ One more honest thing

I'm a frontend developer who fell into security.

Some modules are better than others. Some code is messy.

But I ship it anyway — because someone else might need it, even if it's not perfect.

Open source isn't about flawless code. It's about building together.

🔗 GitHub: miladrezanezhad/web-security-scanner-pro

#websecurity #opensource #bugbounty #python #infosec #helpneeded