4d ago · 6 min read · Introduction As part of my ongoing Web3 security journey, I’ve started studying the OWASP Top 10 for DeFi, beginning with one of the most critical categories: Access Control Vulnerabilities. Access co
Join discussion
5d ago · 9 min read · On April 3, 2026, Microsoft released the Agent Governance Toolkit — the first open-source framework to address all 10 OWASP Agentic AI risks with deterministic, sub-millisecond policy enforcement. If you are building autonomous agents in 2026, this i...
Join discussionApr 7 · 16 min read · Directory traversal vulnerabilities are at the core of a failure in the boundary between application logic and filesystem access. There is a tendency to focus on SQL injection, but directory traversal
Join discussion
Mar 30 · 27 min read · Security architecture is not just about selecting the right controls or designing secure systems. It is about proving those controls work, tracking their effectiveness over time, and communicating res
Join discussion
Mar 28 · 5 min read · In a shocking turn of events, a single, well-crafted malicious input was able to bring down an entire language model-based chatbot system, exposing sensitive user data and causing significant financial losses. The Problem from transformers import Aut...
Join discussionMar 22 · 7 min read · Agent Tooling Supply Chain Security: OWASP Agentic Top 10 and the pentagi Threat Model Two things happened in the same week. Trivy, the most popular container vulnerability scanner, got its GitHub Actions workflow compromised through a supply chain a...
Join discussionMar 22 · 4 min read · The aquasecurity/trivy ecosystem got hit this week. Supply chain compromise - a tool that 50,000+ organizations rely on for vulnerability scanning had its own supply chain briefly weaponized. The irony isn't lost on anyone. 65 points on Hacker News, ...
Join discussionMar 20 · 1 min read · Complete guide to DevSecOps for Developers: SAST, DAST in CI/CD Pipeline: architecture, practical implementation and best practices for developers and technical teams. What you'll learn Shift-left security: embedding security from the start of the d...
Join discussionMar 20 · 1 min read · Complete guide to Cryptographic Failures: Hashing, Encryption and Tokens: architecture, practical implementation and best practices for developers and technical teams. What you'll learn Symmetric vs Asymmetric Cryptography AES-256-GCM: Correct Imple...
Join discussionMar 20 · 1 min read · Complete guide to Supply Chain Security: npm audit, SBOM and Dependencies: architecture, practical implementation and best practices for developers and technical teams. What you'll learn Anatomy of a Supply Chain Attack npm audit: Advanced Usage Loc...
Join discussion
