$ ls -la ~/writes/
// Security research · Dev tutorials · Architecture deep-dives
OWASP Top 10 in Next.js Apps: What Most Guides Miss
Most OWASP guides are framework-agnostic. Here's what the Top 10 actually looks like in a Next.js production app — with real code examples and how to fix each one.
Eventual Consistency Isn't an Excuse: Practical Patterns for Fintech
"Eventually consistent" is often used to hand-wave correctness problems. Here's how to reason about consistency guarantees in financial applications where eventual isn't good enough.
Secure SDLC for Teams That Don't Have a Security Team
Most secure SDLC frameworks are written for enterprises with dedicated AppSec teams. Here's a practical version for 3–10 person engineering teams shipping fast.
Docker Security Hardening: The Basics Most Devs Skip
Running Docker in production with default settings is like leaving your front door unlocked. Here are the 8 security hardening steps that should be standard practice.