The latest articles on DEV Community by QVS Quantum Vulnerability Scanner (@qvs_quantumvulnerability). https://dev.to/qvs_quantumvulnerability https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3878714%2Ff770b4eb-5bc8-4ad2-81f0-fc0bcde1893b.png https://dev.to/qvs_quantumvulnerability en QVS Quantum Vulnerability Scanner Tue, 14 Apr 2026 13:31:26 +0000 https://dev.to/qvs_quantumvulnerability/i-built-a-quantum-vulnerability-scanner-in-2-weeks-heres-what-i-learned-300b https://dev.to/qvs_quantumvulnerability/i-built-a-quantum-vulnerability-scanner-in-2-weeks-heres-what-i-learned-300b <p>When I was a kid, I played tabletop RPGs with a guy who was always ten times smarter than the rest of us — and always chose the evil side. Years later, he became a nuclear physicist. Now he's reportedly working on quantum computers at the bleeding edge.</p> <p>If he's building the weapons, maybe I should build the walls.</p> <p>That's why I built QVS.</p> <p>NIST has set 2030 as the deadline for organizations to migrate away from quantum-vulnerable cryptography. RSA, ECC, SHA-1 — algorithms we rely on every day — will be broken by quantum computers running Shor's algorithm. Most organizations have no idea where they stand.</p> <p>I wanted to fix that, so I built QVS — a free web tool that scans your URLs, files, and code for quantum-vulnerable cryptography in seconds.</p> <h2> What it does </h2> <p>You enter a URL, upload a file, or paste code (Python, JS, Java, Go, C#). QVS checks for:</p> <ul> <li>RSA key exchange in TLS</li> <li>ECDSA/ECDH with non-post-quantum curves</li> <li>SHA-1 in certificates</li> <li>AES-128 (reduced to 64-bit security by Grover's algorithm)</li> <li>Weak cipher suites</li> </ul> <p>You get a Quantum Readiness Score from 0-100 with a letter grade and specific findings with remediation recommendations.</p> <h2> Tech stack </h2> <ul> <li> <strong>Backend:</strong> Python 3.11, FastAPI, Uvicorn</li> <li> <strong>Frontend:</strong> Vanilla HTML/CSS/JS (no React, no framework)</li> <li> <strong>Scanner:</strong> 46 regex detection patterns + pyca/cryptography + stdlib ssl</li> <li> <strong>PDF reports:</strong> ReportLab</li> <li> <strong>Payments:</strong> Stripe Checkout</li> <li> <strong>Deploy:</strong> Docker on Render.com</li> </ul> <p>Total build time: about 2 weeks.</p> <h2> What I learned </h2> <p><strong>Keep it simple.</strong> I almost reached for React. Glad I didn't. Vanilla JS made the frontend trivially fast to iterate on.</p> <p><strong>Regex gets you surprisingly far.</strong> Pattern matching isn't a deep cryptographic analysis, and I'm upfront about that. But for a quick surface-level audit, it catches the most common issues that matter for post-quantum readiness.</p> <p><strong>Ship before it's perfect.</strong> The scanner doesn't cover everything. But it covers enough to be useful, and real user feedback will tell me what to add next.</p> <h2> Try it </h2> <p>Free scan, no signup: <a href="https://qvs.app" rel="noopener noreferrer">https://qvs.app</a></p> <p>There's an optional $49 premium report with executive summary, compliance timeline, and remediation roadmap if you need something to hand to your CTO.</p> <p>I'd love feedback — what patterns or checks would you want to see added?</p> security cybersecurity webdev