<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Nachiket Roy</title>
    <description>The latest articles on DEV Community by Nachiket Roy (@nachiket-roy).</description>
    <link>https://dev.to/nachiket-roy</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3803132%2Fb1773b16-8b54-4462-b862-b8ba43c7ce03.jpeg</url>
      <title>DEV Community: Nachiket Roy</title>
      <link>https://dev.to/nachiket-roy</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/nachiket-roy"/>
    <language>en</language>
    <item>
      <title>Connecting AI and Security with BLT-MCP</title>
      <dc:creator>Nachiket Roy</dc:creator>
      <pubDate>Mon, 06 Jul 2026 21:25:45 +0000</pubDate>
      <link>https://dev.to/owaspblt/connecting-ai-and-security-with-blt-mcp-2cgb</link>
      <guid>https://dev.to/owaspblt/connecting-ai-and-security-with-blt-mcp-2cgb</guid>
      <description>&lt;p&gt;This summer i was given the opportunity to work on my BLT-MCP project with OWASP-BLT. Over the last few months, I've been working on transforming how users interact with BLT. Now it marks the midpoint of the project, and there's been some interesting development i would like to share.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;What is MCP?&lt;/strong&gt;&lt;br&gt;
MCP (Model Context Protocol) is an emerging open standard that helps AI models securely interact with local tools and remote data sources. By building an MCP server for OWASP BLT, we're essentially teaching AI assistants (like Claude, Cursor) how to natively speak with BLT directly. Your AI can read issue context, browse repositories, and submit vulnerabilities, without ever leaving your IDE.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;The Two Pillars So Far&lt;/strong&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;p&gt;The MCP Server&lt;br&gt;
Written in Python, the server acts as the translation layer between LLMs and the BLT API. It exposes two main capabilities to the AI:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Resources (blt:// URIs) - the AI can fetch live data exactly when it needs context. For example, reading blt://issues/123 to get the details of a specific vulnerability.&lt;/li&gt;
&lt;li&gt;Tools - actionable endpoints that let the AI do things, like submit_issue and add_comment.&lt;/li&gt;
&lt;/ul&gt;
&lt;/li&gt;
&lt;li&gt;&lt;p&gt;The BLT-CLI (Rust Terminal UI)&lt;/p&gt;&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;While IDE integration is great, sometimes you just want a fast terminal experience. I built BLT-CLI in Rust using ratatui a Terminal UI (TUI) that connects directly to the MCP server and the BLT API. Triage logic is being built alongside it, so you can browse, review, and act on issues right from the terminal.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F7fail4gc4myc0882dv50.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F7fail4gc4myc0882dv50.png" alt="BLT easter" width="800" height="488"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;What's Next&lt;/strong&gt;&lt;br&gt;
The core logic and terminal are built. For the remaining sprint, I'll be focused on testing everything end-to-end, polishing the rough edges, and starting work on a vision pipeline that can turn a dropped screenshot into a drafted vulnerability report, which is still early and in progress.&lt;br&gt;
Thanks for following along!&lt;/p&gt;

</description>
      <category>mcp</category>
      <category>owasp</category>
      <category>cli</category>
    </item>
    <item>
      <title>My Journey Into Open Source and My First Big PR</title>
      <dc:creator>Nachiket Roy</dc:creator>
      <pubDate>Tue, 03 Mar 2026 07:18:27 +0000</pubDate>
      <link>https://dev.to/owaspblt/my-journey-into-open-source-and-my-first-big-pr-5h4i</link>
      <guid>https://dev.to/owaspblt/my-journey-into-open-source-and-my-first-big-pr-5h4i</guid>
      <description>&lt;p&gt;I heard about open source around a year ago, and honestly, I didn’t jump in out of excitement - it was pure curiosity. I just wanted to see how things worked behind the scenes. So I started exploring the good-first-issue label on GitHub, picked some random repos, forked them, committed a few changes, and slowly figured out the whole contribution workflow.&lt;br&gt;
Back then, I also knew about GSoC - Google Summer of Code - but only at a surface level. To me, it was simply “contribute → get selected.” I had no idea how big real-world codebases could be or how overwhelming they might feel.&lt;/p&gt;
&lt;h2&gt;
  
  
  Finding My Direction: OWASP
&lt;/h2&gt;

&lt;p&gt;While browsing blogs about how to get started, almost everyone suggested reading previous years’ GSoC write-ups. So I did. And while reading those posts, one organization suddenly stood out: OWASP.&lt;/p&gt;

&lt;p&gt;The reason was simple - I already knew about the OWASP Top 10. Out of hundreds of unfamiliar organizations, OWASP felt like a place where I at least understood the purpose.&lt;/p&gt;

&lt;p&gt;As I explored further, projects like NEST, CRE, and BLT started popping up. I leaned toward NEST at first because I’m more comfortable with TypeScript. BLT looked really interesting, but I had zero experience with Django or Python.&lt;/p&gt;

&lt;p&gt;And then came the twist.&lt;/p&gt;
&lt;h2&gt;
  
  
  The Blog That Changed Everything
&lt;/h2&gt;

&lt;p&gt;I found a GSoC blog written by a contributor. They had built four security labs for the BLT project and the write-up was so friendly that it gave me confidence:&lt;/p&gt;

&lt;p&gt;“I may not know the stack, but I can surely replicate this and extend it.”&lt;/p&gt;

&lt;p&gt;That belief was strong enough for me to try. Plus, I knew I could use AI tools to understand things. How hard could it be?&lt;/p&gt;

&lt;p&gt;Well… harder than I expected.&lt;/p&gt;
&lt;h2&gt;
  
  
  My First PR: The Reality Check
&lt;/h2&gt;

&lt;p&gt;I replicated the labs, joined the Slack workspace, got confirmation, and made my PR in October:&lt;/p&gt;


&lt;div class="ltag_github-liquid-tag"&gt;
  &lt;h1&gt;
    &lt;a href="https://github.com/OWASP-BLT/BLT/pull/4628" rel="noopener noreferrer"&gt;
      &lt;img class="github-logo" alt="GitHub logo" src="https://assets.dev.to/assets/github-logo-5a155e1f9a670af7944dd5e12375bc76ed542ea80224905ecaf878b9157cdefc.svg"&gt;
      &lt;span class="issue-title"&gt;
        Added Labs: Under Security Labs Added More Labs
      &lt;/span&gt;
      &lt;span class="issue-number"&gt;#4628&lt;/span&gt;
    &lt;/a&gt;
  &lt;/h1&gt;
  &lt;div class="github-thread"&gt;
    &lt;div class="timeline-comment-header"&gt;
      &lt;a href="https://github.com/Nachiket-Roy" rel="noopener noreferrer"&gt;
        &lt;img class="github-liquid-tag-img" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Favatars.githubusercontent.com%2Fu%2F204239697%3Fv%3D4" alt="Nachiket-Roy avatar"&gt;
      &lt;/a&gt;
      &lt;div class="timeline-comment-header-text"&gt;
        &lt;strong&gt;
          &lt;a href="https://github.com/Nachiket-Roy" rel="noopener noreferrer"&gt;Nachiket-Roy&lt;/a&gt;
        &lt;/strong&gt; posted on &lt;a href="https://github.com/OWASP-BLT/BLT/pull/4628" rel="noopener noreferrer"&gt;&lt;time&gt;Oct 14, 2025&lt;/time&gt;&lt;/a&gt;
      &lt;/div&gt;
    &lt;/div&gt;
    &lt;div class="ltag-github-body"&gt;
      &lt;p&gt;Added  more labs in security labs section closes #4784
&lt;a rel="noopener noreferrer" href="https://github.com/user-attachments/assets/75239ef9-0277-48b2-9b54-930d719074fe"&gt;&lt;img width="1284" height="656" alt="2025-10-15_00-00" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F75239ef9-0277-48b2-9b54-930d719074fe"&gt;&lt;/a&gt;
&lt;a rel="noopener noreferrer" href="https://github.com/user-attachments/assets/d2bcc17f-e747-4dcf-8e85-025b6c48ce40"&gt;&lt;img width="1259" height="826" alt="2025-10-15_00-01" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2Fd2bcc17f-e747-4dcf-8e85-025b6c48ce40"&gt;&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;To seed labs and their tasks simply run :
&lt;code&gt;python manage.py seed_all_security_lab&lt;/code&gt;&lt;/p&gt;

&lt;div class="markdown-heading"&gt;
&lt;h2 class="heading-element"&gt;Summary by CodeRabbit&lt;/h2&gt;
&lt;span class="octicon octicon-link"&gt;&lt;/span&gt;
&lt;/div&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Refactor&lt;/strong&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Restructured task detail page into clear, per-lab sections for payload exercises (SQLi, XSS, CSRF, Command Injection, Broken Auth, IDOR, File Upload, Sensitive Data Exposure, Open Redirect, SSRF)&lt;/li&gt;
&lt;li&gt;Unified and simplified MCQ and simulation submission flows and result display with consistent styling driven by correctness&lt;/li&gt;
&lt;li&gt;Minor formatting and structural template cleanups&lt;/li&gt;
&lt;/ul&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Chores&lt;/strong&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Added a management command to seed the six security labs and their tasks for testing/dev environments&lt;/li&gt;
&lt;/ul&gt;
&lt;/li&gt;
&lt;/ul&gt;


    &lt;/div&gt;
    &lt;div class="gh-btn-container"&gt;&lt;a class="gh-btn" href="https://github.com/OWASP-BLT/BLT/pull/4628" rel="noopener noreferrer"&gt;View on GitHub&lt;/a&gt;&lt;/div&gt;
  &lt;/div&gt;
&lt;/div&gt;


&lt;p&gt;The moment I asked for a review, reality hit.&lt;br&gt;
Replication wasn’t as simple as copy → paste → commit.&lt;/p&gt;

&lt;p&gt;I had:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;added irrelevant files&lt;/li&gt;
&lt;li&gt;failed pre-commit checks&lt;/li&gt;
&lt;li&gt;triggered Sentry and CodeRabbit warnings I didn’t even understand&lt;/li&gt;
&lt;li&gt;and generally made every beginner mistake possible&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;After a lot (and I mean a lot) of back-and-forth, and with patient help from the maintainer - Donnie, I finally cleared everything. One month later, the PR was merged. And that changed everything for me.&lt;/p&gt;

&lt;h2&gt;
  
  
  From Zero Momentum to Light Speed
&lt;/h2&gt;

&lt;p&gt;Once that first PR got merged, it was a massive boost.&lt;/p&gt;

&lt;p&gt;I started reading issues, picking tasks, opening PRs, getting reviews, fixing things, and before I knew it, I had multiple PRs merged in the same month. The slow start turned into full-speed progress.&lt;/p&gt;

&lt;p&gt;We were also encouraged to review others’ PRs. I didn’t really know how to do that, so I watched how other contributors reviewed code and followed their patterns. Tools like CodeRabbit and Sentry helped; they taught me how to reason about code warnings.&lt;/p&gt;

&lt;p&gt;I also started recognizing common patterns in the backend:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;N+1 query problems&lt;/li&gt;
&lt;li&gt;cache stampede issues&lt;/li&gt;
&lt;li&gt;repeated logic patterns&lt;/li&gt;
&lt;li&gt;places where optimizations were needed&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;I wasn’t an expert, but I was learning how to spot things. I used Copilot and CodeRabbit to understand unfamiliar parts of the repo and slowly built a mental map of its workflow.&lt;/p&gt;

&lt;h2&gt;
  
  
  Where I Am Now
&lt;/h2&gt;

&lt;p&gt;From that first confused PR to today, the journey has been wild.&lt;br&gt;
I now:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;understand the repo’s structure&lt;/li&gt;
&lt;li&gt;can navigate issues, commits, and workflows confidently&lt;/li&gt;
&lt;li&gt;know how reviews function&lt;/li&gt;
&lt;li&gt;contribute regularly&lt;/li&gt;
&lt;li&gt;and feel genuinely connected to the project&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;What started as a random attempt to explore open source turned into something meaningful that i want to continue growing in.&lt;/p&gt;

</description>
      <category>opensource</category>
      <category>owasp</category>
      <category>gsoc</category>
    </item>
  </channel>
</rss>
