Writeups
Notes from breaking & fixing
Vulnerability research, exploit walkthroughs, retired-box reports, and AppSec patterns I learn the hard way so you don't have to.
- Research
Ghost AI: Architecture-First Engineering in the Age of AI Agents
A real-time collaborative workspace where you design systems instead of typing them — and the context-managed workflow that built it. Notes on what senior engineering looks like when implementation becomes a commodity.
- ai
- architecture
- next.js
- prisma
- postgres
- typescript
- tailwind
- liveblocks
- react-flow
- AppSec medium
Building jwt-scan: A CLI That Hunts the Five JWT Bugs From My Lab
Turning a vulnerability lab into a shippable scanner. From research artifact to npm package, with token-only and live-endpoint modes, in one weekend.
- jwt
- cli
- tooling
- appsec
- node
- typescript
- AppSec easy
JWT alg=none Bypass: When the Token Trusts Itself
How a one-line algorithm header turns authentication into security theater, and why allowlisting is the only fix.
- jwt
- auth
- owasp
- appsec
Categories:
AppSec Research
Tags:
#ai #appsec #architecture #auth #cli #jwt #liveblocks #next.js #node #owasp #postgres #prisma #react-flow #tailwind #tooling #typescript