I just got my third security audit back. All clear. Most backend devs think HTTPS + JWT = secure. That's how you get owned. Here are the security measures that actually work ↓

As someone who scrapes vulnerable sites for a living, and coming from a non-technical background myself, I feel like this advice isn't super helpful. For all the vibe coders, here is a simpler list: > Just use firebase or supabase for auth > Have protected... See more