The latest articles on DEV Community by Stanley A (@stanleya). https://dev.to/stanleya https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3892823%2F1d044e1a-6037-41f2-9a01-da23d770397b.jpg https://dev.to/stanleya en Stanley A Wed, 22 Apr 2026 16:25:44 +0000 https://dev.to/stanleya/what-i-write-about-here-27dj https://dev.to/stanleya/what-i-write-about-here-27dj <p>This space is for practical notes on the gap between what <em>looks secure</em> and what is <em>actually secure</em> in modern web applications.</p> <p>Topics will mostly include:</p> <ul> <li>web application security</li> <li>API risk</li> <li>browser-side vulnerabilities</li> <li>practical penetration testing</li> <li>AI-assisted security workflows</li> </ul> <p>A lot of security issues do not fail because teams ignore them completely. They fail in the gap between assumptions and reality:</p> <ul> <li>“the scan came back clean”</li> <li>“the framework should handle that”</li> <li>“this path is internal only”</li> <li>“this issue is low severity in practice”</li> </ul> <p>The focus here will be on practical write-ups, real attack paths, remediation lessons, and the kinds of security problems that affect actual product and business workflows.</p> security webdev api devops