Author: Arie

Domain ownership verification is a fundamental security mechanism that proves you control a specific domain. Whether you’re setting up email authentication, SSL certificates, or integrating third-party services, understanding domain verification methods is essential for modern web development. In this article, we’ll explore the three most common verification methods, their trade-offs, and practical implementation patterns. I

For over 20 years, static application security testing (SAST) has been the foundation of secure coding. However, beneath the surface, many legacy SAST tools still operate using basic techniques such as regular expressions and lexical pattern matching; essentially, sophisticated versions of the Unix command grep. As a result, most SAST tools suffer from what I

What Makes a Change Irreversible? Reverting a line of code is easy, and most of the time, firmware is backward-compatible. But what if a piece of hardware is specifically designed not to take older firmware, and the only option is to fix it with a new version?  You could argue: Why design the hardware in

The VP of Engineering at a mid-sized SaaS company told me something last month that stuck with me. His team had grown their codebase by 340% in two years, but headcount in security had increased by exactly one person. “We’re drowning,” he said, gesturing at a dashboard showing 1,847 open vulnerability tickets. “Every sprint adds

Challenge: When Agentic Bots Become Primary Data Reader In large data platforms, AI agents now execute more data queries than human users. For teams that are running thousands of internal services, it is very common to have hundreds or thousands of agentic bots querying data: a “Supply Chain Optimizer” reading manufacturing logs, a “System Quality

Why Prompt Injection Is the New Surface Attack and So Difficult by Design In December 2023, a Chevrolet dealership made headlines when users coaxed its ChatGPT-powered chatbot into “agreeing” to sell cars for $1. Just months earlier, in February, Microsoft’s Bing had exposed its hidden “Sydney” persona, venting irritation at users and sparking widespread alarm

In my previous article, I covered DPoP for securing the credential issuance (VCI) flow. This follow-up focuses on the Verifiable Presentation (VP) flow, in which a wallet presents credentials to a verifier. The VP Security Challenge Before HAIP, VP flows had significant vulnerabilities:

Most users tap Pay on Android and assume it’s simple. Behind that one tap, your app is juggling PCI rules, device security, fraud checks, and 3DS — usually inside a tight latency budget measured in hundreds of milliseconds. If all of that logic lives in scattered checks, random API calls, and duplicated business rules, it

The security engineer’s face went pale when she pulled up the access logs. Her team had deployed a fraud detection model to production three weeks earlier — standard stuff, containerized inference running on Kubernetes. Except someone had been quietly exfiltrating the model weights for the past eleven days through an API endpoint they’d forgotten to

The first time I wired an agent to real enterprise systems, it felt like I’d unlocked a cheat code. I had a clean, repeatable pattern: the model asks, a server answers, and suddenly the agent can do things.  Then the uncomfortable thought hit: If I can plug in a new tool in an afternoon, an