@sd141414: A vibe-coding platform worth $6.6B had a broken-access bug live for 48 days. Not a breach. Nobody hacked in. The app checked if you were logged in. It never checked if the record was yours. I put this exact check, and four others, in a free checklist for anyone about to face a security review. Most teams find out about item one the hard way. See production blueprint in bio for this and other free resources #SystemsThinking #SoftwareArchitecture #AIEconomics #SaaSKiller
Please use your own words - I can’t stand those AI phrasings anymore.
2026-07-05 20:05:23
5
Raj—> :
It's exceptionally difficult for experienced senior developers to make an app from scratch... why are people trying to vibe them? That makes zero sense...
2026-07-05 22:37:30
1
Ty_ :
thats just a simple IDOR, low level vulnerability
2026-07-06 06:22:19
0
Alpha.prompts :
we have a term in Cybersecurity for this its very common in bug bounties too.
its called IDOR it falls inder BAC or broken access control. and the acronym stands for insecure direct object reference. if ur building ur own app make sure to always and i mean always have detailed and indepth tested access control. a good principle to hold is that ur server should always recheck if that identifier belongs to the client based on their cookies (auth) otherwise it should just fail loud with a generic 403 unauthorized access
2026-07-05 19:39:06
2
nobody :
This is bad programming that humans do too.
2026-07-05 21:05:00
2
Professor Farnsworth :
That is a common bug in the old days before ORMs, if with ORMs it still happens. Just fetch records with respect to an authenticated object User, Organisation, Account etc then it can't happen.
2026-07-05 21:12:35
1
J :
this is why ive been 2 weeks away from beta since november
2026-07-05 21:50:03
0
DataAnalystNi :
Hi Steve, may I know your thoughts on Ontologies in Information System, so far I understand that if companies are not implementing ontologies they are basically primitive.
2026-07-05 22:16:50
0
Arden hertz :
Finding solid projects and coins after they trend is too late. A few of us use insiders info and tool that tracks coins before they are released and stealth launches before the public pump. The entries have been incredible, I can put you on.
2026-07-06 05:31:23
0
alyssasw4g :
@ENTHAN _DIGITAL_SUPPORT Notify🥰
2026-07-06 01:00:38
0
TAZUBUY :
🙏🙏🙏
2026-07-06 00:35:50
0
Lars Verheyen :
Alles war klar und ehrlich.@Maryam | Händler | Mutter ✨
2026-07-06 02:07:48
0
To see more videos from user @sd141414, please go to the Tikwm
homepage.