https://securecode.dev/categories/product-security/Recent content in Product Security on securecode.devHugoen-usSun, 26 Apr 2026 00:00:00 +0000https://securecode.dev/insights/threat-modeling-modern-apis/Sun, 26 Apr 2026 00:00:00 +0000https://securecode.dev/insights/threat-modeling-modern-apis/<p>Threat modeling APIs is often reduced to a short checklist around authentication and transport security. That rarely surfaces the issues that matter most. Real API risk tends to come from workflow design, trust assumptions between services, and weak authorization at object or action boundaries.</p>https://securecode.dev/insights/practical-product-security-reviews/Thu, 09 Apr 2026 00:00:00 +0000https://securecode.dev/insights/practical-product-security-reviews/<p>Product security reviews are easy to make expensive and hard to make useful. A review that produces a long list of generic best practices may look thorough while still failing to help the team make better decisions.</p>