Latest updates for Secure Coding

Fresh curated links around secure coding are collected here so marketers can spot useful updates and turn timely ideas into posts faster.

Recent items include:

  • Building MCP servers that don't get hacked: 22 security checks every developer needs
  • Your Rails app can be perfectly secure…
  • 38% of MCP servers have no auth -- inside the OWASP MCP Top 10

Fresh articles and ideas

Recent curated links from global sources.

dev.to /1 month ago

Building MCP servers that don't get hacked: 22 security checks every developer needs

I audited 50 open-source MCP servers last month. 43% had command injection vulnerabilities. Here are the 22 checks that will save you from shipping a backdoor. MCP (Model Context...

rubyflow.com /3 weeks ago

Your Rails app can be perfectly secure…

Your Rails app can be perfectly secure… and still get rooted in seconds.

dev.to /3 weeks ago

38% of MCP servers have no auth -- inside the OWASP MCP Top 10

I installed 14 MCP servers last month. Then I read the CVE list. I've been running MCP servers in production since late 2025 -- connecting Claude to my accounting tools, project...

gbhackers.com /2 weeks ago

Top 10 Best Secure Code Review Services For Developers in 2026

In the rapidly evolving landscape of software development, where speed and agility often take precedence, the imperative for robust security cannot be overstated. With cyber threat...

dev.to /2 weeks ago

Beyond the Vibe: Why “Secure by Default” is the Only Way to Build in 2026

We’ve all been there. You’re trying to complete a simple task—in my case, registering...

allaboutcoding.ghinda.com /1 month ago

Two Agent Skills to Help With Prompt Security

Originally appeared on All about code - Ruby and Rails technical content written by Lucian Ghinda. When you build a product that uses LLMs and prompts, security becomes a specific k...

zdnet.com /2 weeks ago

Stopping bugs before they ship: The shift to preventative security

Secure software starts before coding begins. Threat modeling, safer defaults, dependency hygiene, and developer workflow guardrails can help prevent vulnerabilities.

dzone.com /1 month ago

Designing a Secure API From Day One

Most APIs get secured after something breaks. A token leaks, an endpoint misbehaves, a pen test surfaces an authorization gap. Suddenly, the team is patching a live system under p...

gbhackers.com /1 month ago

Critical Claude Code Flaw Silently Bypasses User-Configured Security Rules

Anthropic’s flagship AI coding agent, Claude Code, was recently discovered to contain a critical security flaw that silently bypasses developer-configured safety rules. The vulnera...

dzone.com /1 month ago

Treat PII as Toxic: Designing Secure Systems That Contain the Blast Radius

PII Is Not "Just Another Field". Most engineers treat all data in the same way, regardless of what it is. Names, Emails, Phone numbers, SSNs, etc., are stored as just another column...

zdnet.com /2 weeks ago

Beyond the cleanup job: Redefining application security for the modern enterprise

Secure-by-design is no longer just a developer concern. Enterprise leaders must treat application security as a board-level responsibility, with accountability, incentives, and cus...

dzone.com /1 month ago

Secure Access Tokens in Web Applications: A Practical Guide From the Field

I’ve spent years reviewing applications after security incidents, conducting code audits, and helping teams rebuild trust after token misuse exposed sensitive data. If there’s one...

martinfowler.com /3 days ago

The VibeSec Reckoning

Vibe coding has significantly accelerated software prototyping but AI agents frequently recommend insecure configurations, creating security problems. Gautam Koul, Luci...

blog.saeloun.com /1 month ago

Rails Security Best Practices: A Comprehensive Guide

Originally appeared on Saeloun Blog. Rails gives us a strong security baseline. It does not make an application secure by itself. That distinction matters. Most real Rails security...

zdnet.com /1 month ago

Anthropic's new Claude Security tool scans your codebase for flaws - and helps you decide what to fix first

It uses Opus 4.7 to scan, validate, and generate patches, helping fix dangerous flaws before they can be exploited.

vninja.net /2 weeks ago

ESX Security Advice that Actually Matters in 2026

developer-tech.com /3 weeks ago

AI coding CLIs face TrustFall risk from one-click MCP server execution

Security researchers at Adversa have detailed the AI coding CLIs TrustFall issue, which involves project-defined Model Context Protocol servers in terminal-based coding tools. Afte...

hackread.com /1 month ago

Claude Code Can Be Manipulated via CLAUDE.md to Run SQL Injection Attacks

LayerX researchers have discovered how to bypass Claude Code’s safety rules using the CLAUDE.md file. This exploit allows…

dzone.com /1 month ago

Code Security Remediation: What 50,000 Repositories Reveal About PR Scanning

Security teams have gotten good at finding vulnerabilities. Fixing them has always been the hard part. An analysis of remediation patterns across 50,000+ actively developed reposit...

dzone.com /2 weeks ago

You Secured the Code. Did You Secure the Model?

Your team just shipped an AI-powered feature. You scanned the code. Passed SAST. Reviewed the PR. Green across the board. But here’s what you probably didn't scan: the model weigh...

dev.to /2 weeks ago

The database has to be a defensive boundary again

For two decades the database has been able to outsource trust to the application layer. The app authenticated users, sanitized inputs, enforced business rules, and the DB just exec...

dzone.com /1 month ago

4 Ways Your AI Coding Agent Exfiltrates Secrets

AI coding agents like Claude Code, Cursor, and Windsurf read your environment variables, config files, and source code. They also make HTTP requests to install packages, call APIs,...

vmblog.com /1 month ago

Endor Labs Launches Agentic Code Security Benchmark, Finds Top-Performing AI Coding Agents Pass Tests But Still Fail Sec...

Endor Labs announced the launch of the agentic code security benchmark, extending the existing SusVibes framework from leading academic researchers

dzone.com /1 week ago

Detecting Bugs and Vulnerabilities in Java With SonarQube

The security audit report landed unexpectedly. It highlighted a critical vulnerability in our payment processing module. We had passed all unit tests. We had passed all integration...

Sources covering Secure Coding

Recent coverage from public sources:

  • feeds.dzone.com
  • rubyland.news
  • blogs.vmware.com
  • dev.to
  • gbhackers.com
  • martinfowler.com