profile

Eliran Turgeman

Don't Get Hacked

Engineering for builders without a security team

Security fundamentals for builders shipping real products with AI. I break down how production systems actually fail, and how to avoid getting hacked before you have a security team.

Posts
Mar 28

Every Package You Install Can Read Your Secrets

Did someone forward you this? Subscribe to this newsletter. Eliran Turgeman April 24 Every Package You Install Can Read Your Secrets You add a package, CI installs it, and the same environment can read your database URL, your Stripe key, your OpenAI key, and your deploy token. At that point you are not just adding a library. You are allowing third-party code to run inside a process that already has access to things you care about. That is why dependency compromises so often turn into secret...

READ MORE
Mar 21

How Attackers Drain Your Cloud Budget

Mar 14

How to Not Get Hacked Through File Uploads

Mar 07

How Injection Keeps Breaking Real Systems

Mar 01

Threat Modelling for Builders

Feb 24

A Builder's Guide to Not Leaking Credentials

Feb 20

CSRF for Builders

Feb 18

Practical Security Audit for Builders