9 mars 2026
62 min
SaaS security is where solo founders get ended — not slowed down, ended. One incident isn't a PR hiccup. It's terminal. The Verizon 2024 Data Breach Investigations Report found that 38% of all breaches used compromised credentials, with an average dwell time of 292 days before detection. For a bootstrapped founder, that's a death sentence. This episode covers why building your own auth is architectural negligence in 2026, the real cost math on Clerk vs Auth0 vs Supabase Auth (Clerk hits $1,825/month at 100K MAUs — Supabase costs $188 for the same load), and the AppSec Santa 2026 study finding that 25.1% of AI-generated code contains confirmed exploitable vulnerabilities. Plus the SoupExplorer January 2026 report that found 1 in 9 indie Supabase apps actively leaking their database keys to the public internet — and exactly how that happens. Covers SSRF, broken object-level authorization, SQL injection in AI code, Supabase RLS misconfiguration, indirect prompt injection (including the zero-click EchoLeak CVE-2025-32711 exploit), MCP attack vectors, secrets management with Doppler, WAF padding evasion, and the minimum viable security posture that actually works without a DevOps team.
Lyssna på fler avsnitt från
Vibe Coder’s Manual
Visar 1–10 av 11 avsnitt
24 februari 2026
36 min
24 februari 2026
38 min
24 februari 2026
27 min
3 mars 2026
52 min
16 mars 2026
36 min
23 mars 2026
39 min
30 mars 2026
51 min
7 april 2026
42 min
14 april 2026
49 min
21 april 2026
47 min