Sublime

An inspiration engine for ideas

AllPeopleCollectionsArticlesAudioBooksFilesHighlightsImagesLinksNotesTextTweetsVideosSocial

Thumbnail of www-x-com-saidaitmbarek-status-1901937284997341195-5489ed95bc6e4010

feeling sorry for @leojr94_ vibe coders check these before releasing real-world apps - implement auth, JWT will do - sanitize inputs, handle cors - activate ddos protection (if available) - firewall infra + IP filter - secure API keys... See more

Saïd Aitmbarek

x.com

"Find, verify, and analyze leaked credentials" https://t.co/fQAHYBvEz2

Tom Dörr

x.com

I know iOS/macOS ChatGPT apps are all the rage at the moment but looks like at least 50% of them are leaking their private @OpenAI API keys through their property lists/app binaries. (n=10) I've sent emails to the developers, but here's a quick thread: 👇🏻 https://t.co/vM1vWDRNAM

Cyril Zakka, MD

x.com

From one of my favorite Hacker News comments ever, by @Jonathan_Blow: https://t.co/uJgib4x6El

Nabeel S. Qureshi

x.com

Jots - Amplenote

https://t.co/RuIY2gWJ7T

J.C. Ryle

x.com

🤯 The level of sophistication of the XZ attack is very impressive! I tried to make sense of the analysis in a single page (which was quite complicated)! I hope it helps to make sense of the information out there. Please treat the information "as is" while the analysis progresses! 🧐 #infosec #xz

Thomas Roccia 🤘

x.com

📍JWTAuditor - Advanced JWT Pentesting Platform https://t.co/J5mVFs25XY https://t.co/eVwiNzIRUi

Harshleen Chawla

x.com

I just got my third security audit back. All clear. Most backend devs think HTTPS + JWT = secure. That's how you get owned. Here are the security measures that actually work ↓

Neer x.com