AKAyush Kumarinayushkumar912.hashnode.dev·6d ago · 10 min readContext Engineering for Coding Agents: What Anthropic and OpenAI's Guidance Actually ImpliesRoot cause: context is a finite, decaying resource Strip the vendor-specific vocabulary and both companies are describing the same failure mode you'd recognize from any stateful system: a bounded reso00
RARJ Abellinricocyberstack.hashnode.dev·Jun 25 · 8 min readWeb Development Still Fails Cybersecurity BasicsIn most university capstone presentations, startup MVP demonstrations, or freelance web development showcases, developers tend to prioritize functionality, aesthetics, and delivery speed, often neglec00
SKSreeram K Sincode-as-a-story.hashnode.dev·Jun 20 · 6 min readWhat is XSS (Cross-Site Scripting)?Story Time Imagine your office has a public notice board where anyone can walk up and pin messages like “Team lunch at 1 PM” and “Meeting moved to 3 PM”. Everyone trusts this board and whatever is wri00
YPYogesh Peelainexploitnotes.hashnode.dev·Jun 8 · 5 min readRender & Plunder - dalCTF 2026Challenge: Render & PlunderCategory: Web Security / Defense Challenge Description I wrote a user-profile service with a nice renderer for myself. Surely it's secure, right? Take a look and patch any00
ZMZahradeen Muazuinitxdeeni.hashnode.dev·May 7 · 7 min readSentinAI: Building an Autonomous AI Security AuditorModern application security tooling has a fundamental problem: Most scanners can identify suspicious patterns. Very few can actually reason about how software is exploited. That gap becomes painfully 00
WBWiktoria Blomgren Strandberginpentesting-dvwa.hashnode.dev·May 5 · 22 min readFile Inclusion in DVWA1 Introduction In this post, the File Inclusion vulnerability in the Damn Vulnerable Web Application (DVWA) is described. The objective for local file inclusion (LFI) attacks on all levels is to read 00
MNMilan Nikicinsecuritydepth.hashnode.dev·May 5 · 19 min readOS Command Injection in Java: Secure Coding Patterns (Part 1)There are times when using the Java APIs is simply not sufficient. Video processing using FFmpeg, obtaining EXIF information, integrating with legacy tools – all of these are valid reasons for accessi00
MBMouhamed Ben Abdallahinerinmin-writeups.hashnode.dev·May 2 · 4 min readFile path traversal, simple case WriteUp & WalkthroughLab Writeup: File Path Traversal — Simple Case Platform: PortSwigger Web Security Academy Vulnerability: Path Traversal (CWE-22) Difficulty: Apprentice Tool Used: Caido (Burp Suite alternative) What 00
WBWiktoria Blomgren Strandberginpentesting-dvwa.hashnode.dev·Apr 26 · 28 min readBlind SQL Injection in DVWA1 Introduction In this post, the Blind SQL Injection vulnerability in the Damn Vulnerable Web Application (DVWA) is described. The objective for attacks on all levels is to find the version of the SQL00
MNMilan Nikicinsecuritydepth.hashnode.dev·Apr 20 · 22 min readDirectory Traversal in Java: Advanced Protection and Testing (Part 2)In previous part 1, we discussed the basics of directory traversal attacks, attack vectors, vulnerable code structures, and the essential mitigation techniques, including secure Spring Boot usage. In 00