DEV Community

# appsec

Application security topics beyond the web, including mobile and desktop applications.

Posts

đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.
Hardening my own Nmap web UI: the security holes I shipped, and what actually saved me

Hardening my own Nmap web UI: the security holes I shipped, and what actually saved me

2
Comments
4 min read
Your Phishing Simulation Score Is 99%. Here's Why That Worries Me.

Your Phishing Simulation Score Is 99%. Here's Why That Worries Me.

Comments
4 min read
"183 Local Tools, Zero Guardrails: What Local MCP Gets Wrong About 'Privacy'"

"183 Local Tools, Zero Guardrails: What Local MCP Gets Wrong About 'Privacy'"

Comments
3 min read
Agentic AI Security: Risks, OWASP Agentic Top 10, and Defensive Patterns (2026)

Agentic AI Security: Risks, OWASP Agentic Top 10, and Defensive Patterns (2026)

Comments
13 min read
Your Coding Agent Is a New Attack Surface and Most Devs Aren't Ready for It

Your Coding Agent Is a New Attack Surface and Most Devs Aren't Ready for It

1
Comments
3 min read
Phantom Squatting: When AI Hallucinated Domains Become Attacker Infrastructure

Phantom Squatting: When AI Hallucinated Domains Become Attacker Infrastructure

1
Comments
5 min read
282 AI Apps Are Handing Strangers Your API Bill — And Calling It a Product

282 AI Apps Are Handing Strangers Your API Bill — And Calling It a Product

1
Comments
3 min read
Your AI Agent Is Being Fed Lies, and Your Logs Won't Tell You

Your AI Agent Is Being Fed Lies, and Your Logs Won't Tell You

2
Comments
3 min read
GuardFall: When Decades-Old Shell Injection Tricks Beat Modern AI Safety Guardrails

GuardFall: When Decades-Old Shell Injection Tricks Beat Modern AI Safety Guardrails

1
Comments
5 min read
BioShocking: How AI Browsers Were Tricked Into Handing Over Your Passwords

BioShocking: How AI Browsers Were Tricked Into Handing Over Your Passwords

2
Comments
5 min read
DAST false negatives vs SAST false positives: a real case

DAST false negatives vs SAST false positives: a real case

1
Comments
10 min read
Cache Poisoning at the Edge: How Cloudflare Workers & Vercel Edge Functions Break Everything You Thought You Knew

Cache Poisoning at the Edge: How Cloudflare Workers & Vercel Edge Functions Break Everything You Thought You Knew

Comments
7 min read
AI Coding Agents Are the New Attack Surface Nobody's Ready For

AI Coding Agents Are the New Attack Surface Nobody's Ready For

1
Comments
3 min read
Mobile App Authentication: Best Practices for iOS and Android Developers (2026)

Mobile App Authentication: Best Practices for iOS and Android Developers (2026)

Comments
17 min read
Palo Alto Unit 42 Caught Indirect Prompt Injection in the Wild — Here's What Your Agent Firewall Needs to Stop It

Palo Alto Unit 42 Caught Indirect Prompt Injection in the Wild — Here's What Your Agent Firewall Needs to Stop It

1
Comments
5 min read
đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.