Security for Builders
Most security content is written for security people. This one's for the rest of us.
No spam. Unsubscribe anytime.
Recent deep-dives
- How Injection Keeps Breaking Real Systems — SQL injection, command injection, and why they still happen
- CSRF for Builders — practical defenses: tokens, SameSite cookies, what actually works
- Threat Modelling for Builders — hands-on STRIDE for engineers, not security consultants
- A Builder’s Guide to Not Leaking Credentials — how secrets leak in real codebases
Open-source tooling
I maintain code-security-skills — an AI agent skill that scans your codebase for leaked secrets, vulnerable dependencies, injection patterns, and infrastructure misconfigs. Tell your coding agent to “run a security scan” and get a prioritized report. Works with Copilot, Codex, and Claude Code.
Written by Eliran Turgeman — backend engineer at Microsoft, working on application security.