Exposed Files
.env exposed: how a single file hands attackers your whole stack
The .env file holds your database URLs, API keys and tokens. It belongs on the server — but when it ships to a public folder, anyone can just download it.
API keys do not usually leak through clever hacks. They leak because a key meant for the server ends up in code the browser downloads. Here is the pattern, and the fix.
We built a small app the vibe-coding way, deployed it, then scanned it. Here is the honest list of what came back, and what each finding actually meant.
AI writes the code that solves your prompt — not the code that keeps secrets. Here are the 7 things vibe-coded apps leak first, and how to catch them before bots do.