loading
$ nti build --optimize-images
fetchthumbs
renderpage
waiting for assets
Tag
#security articles
Articles related to this tag. If you’re new, start with the newest posts.
Loading thumbs
aillmops
·4 min read
LLM observability: a minimal logging checklist for AI apps (2026)
A practical checklist to add minimal-but-sufficient logs for AI apps and automations. Capture the evidence you need for debugging, cost control, and incident response without logging secrets.
Read more→
Loading thumbs
aisecurityllm
·4 min read
Prompt injection defense for AI apps: an input-surface checklist (2026)
A practical checklist to reduce prompt injection and data exfiltration risk in AI apps. Audit your input surfaces, tool permissions, and logging so you can ship with confidence.
Read more→
Loading thumbs
securitywebops
·4 min read
Next.js CSP rollout: how to ship Report-Only without breaking auth/analytics (checklist)
A practical CSP rollout plan for Next.js: start in Report-Only, collect violation reports, tighten allowlists, migrate scripts toward nonces/hashes, then enforce with a rollback plan.
Read more→
Loading thumbs
securitywebops
·4 min read
Next.js security headers checklist: what to ship first (HSTS, CSP Report-Only, COOP/COEP)
A practical checklist for security headers in Next.js. Start with low-breakage headers, add HSTS only when HTTPS is guaranteed, stage CSP in Report-Only, and apply COOP/COEP/CORP only on routes that need cross-origin isolation.
Read more→
Loading thumbs
securityopsweb
·3 min read
Dependabot policy checklist: weekly batching, grouping, and safe update gates
A practical Dependabot operating policy: scope (npm + Actions), weekly batching, grouping, safe defaults for auto-merge, and CI gates that prevent update PRs from becoming incidents.
Read more→
Loading thumbs
securityopsweb
·3 min read
GitHub Actions security hardening checklist: permissions, SHA pinning, and PR event traps
A practical checklist to harden GitHub Actions as part of your software supply chain. Focus on least-privilege permissions, pinning third-party Actions by SHA, safe handling of fork PRs, and deployment gates.
Read more→
Loading thumbs
securitywebops
·3 min read
npm supply chain defense checklist: how to block risky dependency changes in CI
A practical checklist to reduce npm supply chain risk by treating dependency diffs as security events. Focus on new dependencies, install scripts, lockfile discipline, and incident first moves.
Read more→
Loading thumbs
securitywebai
·4 min read
IDOR prevention checklist (authorization): what to review in 30 minutes
A practical, ops-style authorization checklist to prevent IDOR (broken object-level access control). Focus on where IDs enter, how reads/writes are scoped, consistent deny behavior, and one regression test that prevents reintroducing the bug.
Read more→
Loading thumbs
web3airdropssecurity
·3 min read
Safe airdrop claims checklist: how to avoid phishing and approval traps
A practical, security-first checklist to run before connecting a wallet, signing messages, or approving tokens to claim an airdrop. Focus on official entry points, permission intent, and post-claim hygiene.
Read more→
Loading thumbs
web3airdropsops
·3 min read
A weekly airdrop tracking routine (low time, low risk)
A practical weekly workflow to collect airdrop leads, verify official sources, track deadlines, and reduce scam exposure — in 30–45 minutes per week.
Read more→
Loading thumbs
securitywebai
·4 min read
IDOR in AI-built web apps (authorization): how to catch it before you ship
AI-assisted development ships fast, and that makes authorization regressions common. This practical guide shows how to detect and fix IDOR (broken object-level authorization) with a repeatable review, tests, and rollout-safe patterns.
Read more→
Loading thumbs
web3securityevm
·3 min read
Permit2 explained (Web3): why approvals changed and how to use it safely (checklist)
Permit2 changed how token approvals are handled in many EVM dApps. Learn what it is, where the risk concentrates, what to check on signing screens, and a practical routine to revoke unused permissions.
Read more→
Loading thumbs
web3securitywallet
·2 min read
Read wallet signing screens (Web3): a 30-second checklist to avoid permission traps
A practical checklist for reading wallet signing screens. Learn to identify the action type, counterparty, and scope, and avoid high-risk permissions like Approve, Permit, and SetApprovalForAll.
Read more→
Loading thumbs
web3securityevm
·2 min read
Revoke token approvals on EVM: how to audit allowances safely (checklist)
Old ERC-20/NFT approvals are a common attack surface. This practical guide explains what approvals mean, when to revoke, and a repeatable audit routine to reduce blast radius.
Read more→
Loading thumbs
websecuritynextjs
·3 min read
Next.js security update playbook: how to patch and roll back safely (small teams)
A practical playbook for Next.js security updates: decide urgency, upgrade with small diffs, let CI fail fast, verify key flows on preview, deploy with a rollback plan, and rotate secrets when exposure is plausible.
Read more→
Loading thumbs
web3securitywallet
·3 min read
Anti-phishing checklist (2026): what to check before you connect/sign/claim
A practical anti-phishing routine for Web3: control entry points, read wallet permissions before signing, and reduce blast radius after actions. Designed to be repeatable before every connect/sign/claim.
Read more→
Loading thumbs
websecuritynextjs
·3 min read
Next.js CVE-2025-66478 response: what to verify, what to patch, and the fast checklist
A practical incident response checklist for CVE-2025-66478 in Next.js: confirm exposure, upgrade to patched versions, verify key flows, and rotate secrets when plausible. Written for small teams that need a repeatable process.
Read more→