Sublime
An inspiration engine for ideas
It's hard to go into depth since this is an arms race situation. At a high level though, aside from hardening your auth, there are 4 things you can do:
1) Use a rate limiter against IP and user ids
2) Block traffic from bad acting nation states
3) Only allow requests from real...
Jared Palmer • x.com
o3 is out and it is absolutely amazing!!
i've been playing with it for a week or so and it's already my go-to model. it's fast, agentic, extremely smart, and has great vibes.
some of my top use cases:
- it flagged every single time I sidestepped conflict in my...

feeling sorry for @leojr94_
vibe coders check these before releasing real-world apps
- implement auth, JWT will do
- sanitize inputs, handle cors
- activate ddos protection (if available)
- firewall infra + IP filter
- secure API keys...
Carielli suggests that organizations implement API gateways for authentication, authorization and rate limiting, while using WAF and bot management tools to manage and mitigate malicious traffic.
Tim Keary • Why Enterprises Can’t Afford to Overlook API Security in 2023
re: the Security Solution for Small SaaS
This is the primary angle I need to find out. IMHO CF is not super intuitive for less technical/less security minded folks.
Secondarily/more in the weeds, I plan to focus it more on “deception operations” that are designed to trick, frustrate,...
developing valhalla • x.com