Skip to content
>_ITDITDWeb Security Platform
Cyber preparedness, command-center calm

Learn from real incidents. Defend your own site.

Not how to attack — how to defend, drawn from breaches that actually happened. Practical defense you can act on today, even without a security background.

Browse incidentsStart learning
itd@defense:~ — site-health.shLIVE
$  
  • >.env exposure[ Defended ]
  • >TLS / cert expiry[ Watch ]
  • >Dependency CVEs[ Critical ]
  • >Security headers[ Defended ]
  • >Secret in repo[ Defended ]
ONLINE5 Incidents9 Glossary2 By Stack3 History1 LearnDEFENSE-ONLY — NO ATTACK STEPS
01 — Sections

Where to start

Pick an entry point by goal. All free, no signup.

Incident Field Guide

Real web breaches broken down into cause, impact, first response, and prevention — so the same mistake doesn't happen twice.

$ Exposed .env, leaked API keys, DB dumps, misconfig.

Glossary

CVE, CVSS, RCE, SSRF, XSS, SPF/DKIM/DMARC — each term with a one-line answer and a plain explanation.

$ So jargon never trips you up.

Defense by Stack

WordPress, Laravel, Next.js, Docker, shared hosting, VPS — the risky defaults in your stack, made concrete.

$ Fixes that fit your exact setup.

History & Case Studies

Heartbleed, Log4Shell, XZ Utils — landmark events revisited for the lessons that still apply today.

$ History is the best teacher.

Learning Roadmap

From the absolute basics to lasting habits, with a 'read this next' path so you never get lost.

$ From zero, step by step.

Free Tools

Pre-launch checklist, incident-note anonymizer, calculators. Everything runs in your browser — nothing is sent to a server.

$ Runs entirely in your browser.

02 — Field notes

Written from real experience

Incidents the operator lived through, anonymized into lessons.

critical2026-06-07

AI-written code leaked an API key and ran up fraudulent charges — the real cause was an unpatched CVSS 10.0

The bill spike was a symptom. The real cause was an unpatched, public CVSS 10.0 RCE. An anonymized case, distilled into defensive lessons.

critical2026-06-07

Capital One breach (2019) — how SSRF leaked 100M+ records, and how to defend

A single SSRF reached the metadata endpoint → over-privileged IAM temporary credentials → bulk S3 copy, leaking ~106M records. Every hop could have stopped it. In your environment: IMDSv2, IAM least privilege, and an allowlist for outbound fetches.

critical2026-06-07

Codecov breach (2021) — when a 'trusted tool' in CI was hijacked and secrets leaked

A trusted CI tool (the curl|bash Bash Uploader) was altered upstream. Because your own code was untouched, it went unnoticed for ~2 months while CI secrets leaked; a checksum check caught it. In your CI: verify fetched artifacts, least-privilege secrets, rotation, egress monitoring.

03 — Our stance

What ITD stands for

A security product has to keep its own house in order.

We don't hold secrets

We never store your real API keys — only metadata. The safest secret is the one we can't leak.

Scan only what you own

Diagnostics run on verified domains only. Internal IPs and metadata endpoints are blocked — SSRF defense is built in.

Minimal blast radius

Isolation so one breach can't cascade. ITD itself runs on a dedicated, isolated host.

We dogfood ITD

ITD watches its own dependencies for CVEs. The incident that started this never gets missed by a human again.