Blog

Security insights, founder guides, and best practices

Practical writing on building secure software, shipping SaaS as a non-technical founder, and cloud security from the engineers who do it day to day.

ctrl+k
RSS Feed
All
Application Security
Best Practices
Cloud Security Assessments
Cloud Governance
Compliance
Data Protection
Founder Playbook
Founders
General
Incident Detection & Response
Infrastructure Security
MVP
Saas
Small Business
Supply Chain Security
Vibe Coding
Blog cover image for From Zero to Secure: Implementing CSP in Hours, Not Days
Application Security
CSP Implementation
Web Security

From Zero to Secure: Implementing CSP in Hours, Not Days

A comprehensive, step-by-step guide to implementing Content Security Policy across modern web platforms. From basic protection to advanced configurations, get your applications secured today.

HA

Henry Addico

Oct 6, 2025

Blog cover image for Why 50% of Web Apps Are Vulnerable to XSS (And Yours Might Be Too)
Application Security
AWS
Threat Modelling

Why 50% of Web Apps Are Vulnerable to XSS (And Yours Might Be Too)

Over half of web applications lack basic XSS protection through Content Security Policy. While modern platforms enable 5-minute deployments, they leave a critical security blind spot that could cost your business dearly.

HA

Henry Addico

Sep 17, 2025

Blog cover image for Securing AWS Credentials on Engineer's Machines with macOS Secure Enclave
Supply Chain Security
AWS
Security

Securing AWS Credentials on Engineer's Machines with macOS Secure Enclave

Last week, I wrote about the lessons from the Nx package poisoning attack, where malicious package versions were published to npm, silently stealing cloud credential from any developer unlucky enough to download them. Amongst other things, the attack highlighted a problem in how we store and manage AWS credentials on development machines.

AC

Andy Caine

Sep 9, 2025

Blog cover image for Lessons From the Nx NPM Package Poisoning Attack: Securing Your AWS Environment Against Supply Chain Threats
Supply Chain Security
AWS
Security

Lessons From the Nx NPM Package Poisoning Attack: Securing Your AWS Environment Against Supply Chain Threats

Last week, attackers poisoned the popular Nx build system on NPM with malicious versions that attempted to steal SSH keys, GitHub tokens, npm tokens, and AWS credentials. For many teams, that's a nightmare scenario. Let's look at what this attack tells us about securing AWS accounts against software supply chain threats.

AC

Andy Caine

Sep 3, 2025