Bipul
@NullPointerzx

840 posts

Joined November 2024
361 Following 438 Followers

Pinned Tweet
Bipul
Bipul@NullPointerzx·
Day 50-56 ✅ Spent the last week building ZenCash - an AI-powered finance platform with: 🤖 AI receipt scanning 📈 Budget tracking & alerts 📧 Monthly reports ⚡ Real-time transactions Built with Next.js 15, @inngest, @arcjet & more. Thanks @Piyush_eon for the guidance! 🙌
Bipul
Bipul@NullPointerzx·
@rrrautela Amazing consistency bro 🫡
Harshit
Harshit@rrrautela·
1K finally🥂
anish
anish@Anishdotcom·
Day 13/14: Backend Security Fundamentals

One vulnerability can destroy your entire app. Data leaks. Accounts hijacked. Reputation gone. Let's try to understand how real backends defend themselves.

Topics:
• CORS
• CSRF & XSS
• SQL Injection
• Rate limiting
• Security headers
• Secrets management

Defense in depth.

1/ Security Isn't Optional
Attackers don't wait for you to "finish building". Bots constantly scan APIs for:
• Open endpoints
• Weak auth
• SQL injection
• Missing limits
Security mindset:
• Assume input is malicious
• Every endpoint is attackable
• Validate everything
• Add multiple layers
Build security from day one.

2/ CORS — Who Is Allowed to Call Your API
Frontend: yourapp.com
Backend: api.yourapp.com
Browser blocks requests by default. Why? So random sites can't use your logged-in session. Your API must explicitly allow origins.
Good: Allow only your frontend domain.
Bad: Access-Control-Allow-Origin:

3/ CSRF — Requests Made Without You Knowing
You're logged into your bank. Visit evil site. Hidden request fires: /transfer?amount=1000
Browser sends cookies automatically. Money gone.
Prevention:
• CSRF tokens
• SameSite cookies
Auth alone doesn't stop CSRF.

4/ XSS — Injecting JavaScript Into Your App
Attacker stores:
Other users open page. Script runs in their browser.
Result:
• Session stolen
• Accounts hijacked
• Pages modified
Prevention:
• Sanitize input
• Escape output
• Never use innerHTML with user data
Tools: DOMPurify, modern ORMs.

5/ SQL Injection — Database Killer
Input: admin' OR '1'='1
Query becomes always true. Login bypassed.
Worse: ; DROP TABLE users;
Entire database deleted.
Prevention: Never build queries with strings. Always use parameterized queries. ORMs handle this for you.

6/ Rate Limiting - Stop Bots
Without limits:
• 10k password attempts
• API scraping
• DDoS
With limits:
Login → 5 tries/min
Reset → 3/hour
Public → 1000/hour
Store counters in Redis. Return 429 Too Many Requests. Real users pass. Attackers fail.

7/ Security Headers (Helmet.js)
Browsers respect security headers. Helmet sets them automatically:
• Prevent clickjacking
• Force HTTPS
• Block MIME attacks
• Reduce XSS
One middleware. Multiple protections. Production standard.

8/ Secrets Management
Never hardcode:
• API keys
• DB passwords
• JWT secrets
Bad: Commit to GitHub.
Good:
• .env locally
• .gitignore it
• Production env variables
• Cloud secret managers
Rule: Secrets live in environment, never code.

9/ Input Validation
Users send garbage. Validate:
• Types
• Formats
• Length
• Allowed values
Client validation = cosmetic. Always validate on server.
Libraries: express-validator, Joi, Zod
Never trust user input.

10/ Auth Security Basics
Passwords:
• Bcrypt hashing
• Min length
• Block common passwords
Tokens:
• Short-lived JWT
• Refresh tokens
• Secrets in env
Protection:
• Lock after failed attempts
• Rate limit login
• httpOnly cookies
• SameSite=Strict
Layers matter.
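The rate-limit policies and explicit origin allow-list from the thread above, worked through as an added example (not code from the thread or any project it names). It assumes the route names and limits quoted in the thread, uses an in-memory Map where the thread says Redis, and a constructed allowed origin of https://yourapp.com.

```javascript
// Added example, not code from the thread: a fixed-window rate limiter with
// the per-route policies the thread lists, plus an explicit CORS origin
// allow-list. An in-memory Map stands in for the Redis counters it mentions.
const POLICIES = {
  "/login":  { limit: 5,    windowMs: 60_000 },     // 5 tries/min
  "/reset":  { limit: 3,    windowMs: 3_600_000 },  // 3/hour
  "/public": { limit: 1000, windowMs: 3_600_000 },  // 1000/hour
};

const counters = new Map(); // "route:clientId" -> { count, windowStart }

// Evaluate one request. `now` is injected so window rollover can be tested deterministically.
function checkRateLimit(route, clientId, now = Date.now()) {
  const policy = POLICIES[route];
  if (!policy) return { status: 200, remaining: Infinity }; // no policy: not limited
  const key = `${route}:${clientId}`;
  let entry = counters.get(key);
  if (!entry || now - entry.windowStart >= policy.windowMs) {
    entry = { count: 0, windowStart: now }; // start a fresh window
    counters.set(key, entry);
  }
  entry.count += 1;
  if (entry.count > policy.limit) {
    const retryAfterSec = Math.ceil((entry.windowStart + policy.windowMs - now) / 1000);
    return { status: 429, remaining: 0, retryAfterSec }; // 429 Too Many Requests
  }
  return { status: 200, remaining: policy.limit - entry.count };
}

function resetCounters() { counters.clear(); }

// CORS: echo the Origin only when it is on the allow-list; never reflect it blindly.
const ALLOWED_ORIGINS = new Set(["https://yourapp.com"]); // constructed value
function corsHeadersFor(origin) {
  return ALLOWED_ORIGINS.has(origin)
    ? { "Access-Control-Allow-Origin": origin, Vary: "Origin" }
    : {};
}
```

Wire `checkRateLimit` as the first middleware on the listed routes and send `Retry-After: retryAfterSec` with the 429.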
zavx
zavx@zavxai·
What is the solution?
Bipul
Bipul@NullPointerzx·
Solved some #leetcode yesterday, but was way too tired and forgot to post it.
Hitesh
Hitesh@hitesh_ml·
Balloons on the profile
Bijay Prasad
Bijay Prasad@Wannabe_01_·
#Day207 of grinding until I land a job!🚀 - Find a Peak Element II - Joined a startup, but I don't know why I'm not happy. I think I deserve better than this :) Let's see what happens... #DSA #100DaysOfCode #ALGO #LeetCode #GFG
Utsav
Utsav@bixbycodes·
Meaning of this..??
Fit&Dev
Fit&Dev@confusedpiyush·
Bought this book today, I heard it helps to improve communication. Communication is very imp in the tech community, so let's see how much I can improve 👍
Woof Woof 🐾
Woof Woof 🐾@AtifaTahreem·
POV: When small accounts say their reach is dead like bro did you even have reach before?? 😭😭
Sambhav.apk▲
Sambhav.apk▲@Coding_Sage·
Day 28 of #100DaysOfCode [5 hours Grind 🔥] Studied the research paper Attention Is All You Need. Understood how the first Transformer model was built and how it works. Learned why training AI purely on synthetic data leads to poorer outputs. #buildinpublic #100xdevs
Bipul
Bipul@NullPointerzx·
@TechDsa That is a lot of ques 🫡
Tech_DSA_Dev
Tech_DSA_Dev@TechDsa·
Did some Leetcode today.
Bipul
Bipul@NullPointerzx·
@anjany06 Nice consistency bro 🫡
Anjaney
Anjaney@anjany06·
112 contributions in January. A good start to 2026. Let's see what the coming months bring. github.com/anjany06 Show me yours 👇
zavx
zavx@zavxai·
What should I add more to the setup?