DEV Community

Security

Hopefully not just an afterthought!

Posts

From Harness Engineering to Evals: What’s Trending at AI Engineer

AI Engineer World's Fair Coverage

48
Comments 17
5 min read
SPF's 10-lookup limit: why your SPF silently fails, and how to fix it

Comments
4 min read
PamStealer: the macOS stealer that checks your password through PAM before stealing it

1
Comments 2
5 min read
Chainlink Automation Isn't a Cron Job. It's a Consensus Decision

5
Comments
6 min read
Four post-quantum deadlines on the calendar. Most developers know about zero of them.

Comments
5 min read
Your Fraud Detection Cannot Tell a Legitimate Agent From a Bot. Identity Is the Only Fix.

1
Comments
5 min read
Running untrusted, AI-generated code: why we built CreateOS Sandbox on Firecracker

7
Comments 3
4 min read
I scanned 670 MCP servers and 78% have significant security issues

Comments
1 min read
Vulnerability Management is a Workaround for a Missing Call Graph

Comments
12 min read
Why Cursor's CORS Fix Opens Your API to Any Website (CWE-942)

Comments
3 min read
The hard part of attacking an AI isn't breaking it. It's telling real harm from fake.

Comments
7 min read
Vaultwarden-Plus v1.36.3: Organization Account Recovery — without breaking zero-knowledge

Comments
2 min read
30+ Anti-Fraud Rules Engine: Real-Time Risk Control with Zero API Cost

Comments
2 min read
OAUTH2.0 In Action — A Guide To Implementing OAUTH In Apps and Websites.

Comments
5 min read
Prompt Injection Isn’t Going Away — Jason Haddix on the Architecture Problem Nobody Wants to Admit

4
Comments 1
3 min read