Security insights, founder guides, and best practices
Practical writing on building secure software, shipping SaaS as a non-technical founder, and cloud security from the engineers who do it day to day.

From Zero to Secure: Implementing CSP in Hours, Not Days
A comprehensive, step-by-step guide to implementing Content Security Policy across modern web platforms. From basic protection to advanced configurations, get your applications secured today.
Henry Addico
Oct 6, 2025

Why 50% of Web Apps Are Vulnerable to XSS (And Yours Might Be Too)
Over half of web applications lack basic XSS protection through Content Security Policy. While modern platforms enable 5-minute deployments, they leave a critical security blind spot that could cost your business dearly.
Henry Addico
Sep 17, 2025

Securing AWS Credentials on Engineer's Machines with macOS Secure Enclave
Last week, I wrote about the lessons from the Nx package poisoning attack, where malicious package versions were published to npm, silently stealing cloud credential from any developer unlucky enough to download them. Amongst other things, the attack highlighted a problem in how we store and manage AWS credentials on development machines.
Andy Caine
Sep 9, 2025

Lessons From the Nx NPM Package Poisoning Attack: Securing Your AWS Environment Against Supply Chain Threats
Last week, attackers poisoned the popular Nx build system on NPM with malicious versions that attempted to steal SSH keys, GitHub tokens, npm tokens, and AWS credentials. For many teams, that's a nightmare scenario. Let's look at what this attack tells us about securing AWS accounts against software supply chain threats.
Andy Caine
Sep 3, 2025
