DEV Community

Security

Hopefully not just an afterthought!

Posts

đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.
Applying SAST to a PHP Application with Psalm's Taint Analysis

Applying SAST to a PHP Application with Psalm's Taint Analysis

Comments 1
5 min read
I built a linter for Splunk SPL — then ran it against Splunk's own detection library

I built a linter for Splunk SPL — then ran it against Splunk's own detection library

Comments
4 min read
My agent kept reading data it wasn't allowed to. The prompt was never going to stop it.

My agent kept reading data it wasn't allowed to. The prompt was never going to stop it.

Comments
10 min read
The Invisible Attack Surface: Why Machine Identities Are Cloud Security's Biggest Blind Spot

The Invisible Attack Surface: Why Machine Identities Are Cloud Security's Biggest Blind Spot

Comments
5 min read
Redaction is Not Enough: When an LLM can still Infer the PII You Stripped Out

Redaction is Not Enough: When an LLM can still Infer the PII You Stripped Out

1
Comments
4 min read
The Microsoft UEFI CA from 2011 expired last week. Here's what to check.

The Microsoft UEFI CA from 2011 expired last week. Here's what to check.

Comments
2 min read
OAuth Token Flows and Microsoft Entra ID: How One Application Proves Who It Is to Another

OAuth Token Flows and Microsoft Entra ID: How One Application Proves Who It Is to Another

Comments
8 min read
AI Won’t Replace You—Here’s What Will

AI Won’t Replace You—Here’s What Will

Comments
7 min read
The first malicious MCP server was one line of code: the postmark-mcp rug pull

The first malicious MCP server was one line of code: the postmark-mcp rug pull

1
Comments
3 min read
Memory Tagging (MTE): Hardware That Catches Memory Bugs

Memory Tagging (MTE): Hardware That Catches Memory Bugs

Comments
5 min read
3 Times You Need Base64 (and One Time You Definitely Don't)

3 Times You Need Base64 (and One Time You Definitely Don't)

Comments
2 min read
I built a browser-only HTTP Cookie Inspector — parse Set-Cookie, security score, XSS/CSRF flags, 84 tests

I built a browser-only HTTP Cookie Inspector — parse Set-Cookie, security score, XSS/CSRF flags, 84 tests

1
Comments
2 min read
EU Cyber Resilience Act: What AI Developers Need to Know for CRA Compliance

EU Cyber Resilience Act: What AI Developers Need to Know for CRA Compliance

9
Comments 2
6 min read
Oracle PeopleSoft Supply Chain Compromise: Nissan & 99 Targets

Oracle PeopleSoft Supply Chain Compromise: Nissan & 99 Targets

Comments
5 min read
Least Privilege is a Workaround for a Missing Specification

Least Privilege is a Workaround for a Missing Specification

Comments
14 min read
đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.