Security
Every post tagged "Security" · articles, case studies, guides.
- 01→
The 2026 smart contract security checklist before you ship
A smart-contract bug is permanent and the funds are real. Here's the engineering checklist a contract should clear before it touches mainnet - exploit classes, real testing, the audit, and a careful deploy.
Blockchain & smart contracts
- 02→
Smart contract audit pricing in 2026: €4k vs €15k vs €60k
Most "audit" quotes range from €1k to €120k for the same 600-line Solidity file. Here's what actually justifies each tier - and which numbers are theatre.
Blockchain & smart contracts · Cybersecurity
- 03→
NIS2 readiness for EU SaaS · the 90-day playbook
NIS2 is in force. EU SaaS teams that wait for the first incident to do the paperwork have already lost the audit. Here's the 90-day plan we run on every cybersecurity engagement.
Cybersecurity
- 04→
OWASP LLM Top 10 v2 · what changed and what to ship
v2 of the LLM Top 10 reorganised around how teams actually get hit. Here is what moved, what is new, and the default controls we ship.
Cybersecurity
- 05→
The CSP we ship · with notes on why each directive is there
Most CSPs in the wild are either too loose to matter or so strict the site breaks. Here is the one we ship, annotated.
Cybersecurity · Websites, web apps & online shops
- 06→
Signed-firmware OTA pipeline · the 2026 default we ship
A production OTA pipeline is more than 'push a new .bin'. Here is the signed, staged, rollback-ready version we default to.
Custom software · everything else
- 07→
Agentic AI · the safe tool-use pattern we ship by default
Agentic AI that can send email and move money is not just a chatbot. Here's the safe tool-use pattern we ship.
AI solutions · Cybersecurity
- 08→
Solana smart contract gotchas every Anchor dev hits in 2026
Solana is not Ethereum-with-better-TPS. Seven differences that bite every team coming from EVM.
Blockchain & smart contracts
- 09→
Multi-tenant SaaS on Postgres · the RLS-first playbook
Building multi-tenant SaaS on Postgres? RLS is non-negotiable. Here's the playbook we ship.
Websites, web apps & online shops · Cybersecurity
- 10→
EIP-712 meta-transactions: secure gasless UX, explained
Gasless UX is a product win. Meta-tx relayers are a security surface. Here's how to ship both safely.
Blockchain & smart contracts · Cybersecurity
- 11→
NIS2 for SaaS: minimum checklist for 2026
What NIS2 actually demands from a mid-size SaaS: incident reporting, supply-chain, access control, and 3 basic rules we run ourselves.
Cybersecurity
- 12→
LLM prompt injection playbook · the 2026 attack surface
The prompt injection surface is not a single bug · it's five categories, each with a distinct defence. Here's our playbook.
AI solutions · Cybersecurity
- 13→
Smart contract audit checklist · the one we actually use
A checklist for the last days before mainnet: threat model, tests, fuzz, deploy, monitor · 30+ items we never skip.
Blockchain & smart contracts · Cybersecurity