Research Blog
Evidence-led field notes on JavaScript attack surface, frontend supply chain, Web3 trust, and domain security.
JavaScript runtime
8 articlesWhy Web3 frontends need runtime JavaScript monitoring
Why Web3 frontends need runtime JavaScript monitoring explains how to turn browser-observed frontend behavior into security evidence instead of relying only on repositories or deploy logs.
Service worker drift and persistent frontend compromise
Service worker drift and persistent frontend compromise explains how to turn browser-observed frontend behavior into security evidence instead of relying only on repositories or deploy logs.
Runtime CSP evidence for wallet-facing pages
Runtime CSP evidence for wallet-facing pages explains how to turn browser-observed frontend behavior into security evidence instead of relying only on repositories or deploy logs.
Runtime monitoring for governance portals
Runtime monitoring for governance portals explains how to turn browser-observed frontend behavior into security evidence instead of relying only on repositories or deploy logs.
Production minified bundle change review
Production minified bundle change review explains how to turn browser-observed frontend behavior into security evidence instead of relying only on repositories or deploy logs.
Browser permission prompts as frontend risk
Browser permission prompts as frontend risk explains how to turn browser-observed frontend behavior into security evidence instead of relying only on repositories or deploy logs.
Privileged admin frontend monitoring
Privileged admin frontend monitoring explains how to turn browser-observed frontend behavior into security evidence instead of relying only on repositories or deploy logs.
JavaScript attack surface review checklist
JavaScript attack surface review checklist explains how to turn browser-observed frontend behavior into security evidence instead of relying only on repositories or deploy logs.
Frontend supply chain
5 articlesThird-party JavaScript risk in Web3
Third-party JavaScript risk in Web3 gives teams a practical way to review the outside code that runs inside trusted browser sessions.
NPM package compromise impact on browser apps
NPM package compromise impact on browser apps gives teams a practical way to review the outside code that runs inside trusted browser sessions.
Why SRI is not enough for modern frontends
Why SRI is not enough for modern frontends gives teams a practical way to review the outside code that runs inside trusted browser sessions.
Chat widget risk on authenticated pages
Chat widget risk on authenticated pages gives teams a practical way to review the outside code that runs inside trusted browser sessions.
Self-hosting vendor scripts tradeoffs
Self-hosting vendor scripts tradeoffs gives teams a practical way to review the outside code that runs inside trusted browser sessions.
Exposed secrets
4 articlesExposed API keys in frontend JavaScript
Exposed API keys in frontend JavaScript separates acceptable public configuration from browser-shipped material that gives attackers capability or leverage.
Write-capable keys accidentally shipped to users
Write-capable keys accidentally shipped to users separates acceptable public configuration from browser-shipped material that gives attackers capability or leverage.
Cloud storage URLs exposed through source maps
Cloud storage URLs exposed through source maps separates acceptable public configuration from browser-shipped material that gives attackers capability or leverage.
Secret rotation workflow after frontend exposure
Secret rotation workflow after frontend exposure separates acceptable public configuration from browser-shipped material that gives attackers capability or leverage.
AI-era security
1 articlesDomain security
2 articlesNameserver drift detection for production domains
Nameserver drift detection for production domains maps domain-control posture to observable records, policies, and drift that defenders can retest.
Domain expiration monitoring for security teams
Domain expiration monitoring for security teams maps domain-control posture to observable records, policies, and drift that defenders can retest.
Email and brand abuse
1 articlesLookalikes and threat intel
2 articlesLookalike certificate issuance triage
Lookalike certificate issuance triage focuses on the evidence that separates noisy brand similarity from active abuse and urgent response work.
Threat-intel verdicts for executive reporting
Threat-intel verdicts for executive reporting focuses on the evidence that separates noisy brand similarity from active abuse and urgent response work.
Buyer education
3 articlesVendor security questionnaire evidence for Web3 teams
Vendor security questionnaire evidence for Web3 teams shows how to turn external security posture into evidence that buyers, partners, and internal owners can inspect.
Security checklist for token launch domains
Security checklist for token launch domains shows how to turn external security posture into evidence that buyers, partners, and internal owners can inspect.
Evidence pack for investor diligence
Evidence pack for investor diligence shows how to turn external security posture into evidence that buyers, partners, and internal owners can inspect.