Hacker News: kyuradarhttps://news.ycombinator.com/user?id=kyuradarHacker News RSShttps://hnrss.org/hnrss v2.1.1Thu, 23 Apr 2026 07:29:08 +0000<![CDATA[New comment by kyuradar in "Trappsec – Deception as a Developer Tool"]]>A video explainer - https://www.youtube.com/watch?v=Tke40NKbYxk

trappsec is an open-source framework that helps developers detect attackers who probe API business logic. By embedding realistic decoy routes and honey fields that are difficult to distinguish from real API constructs, attackers are nudged to authenticate converting reconnaissance into actionable security telemetry. I'm looking for early adopters to help with feedback and refining the direction and form of this framework.

]]>Sat, 18 Apr 2026 19:13:54 +0000https://news.ycombinator.com/item?id=47818651kyuradarhttps://news.ycombinator.com/item?id=47818651https://news.ycombinator.com/item?id=47818651<![CDATA[Trappsec – Deception as a Developer Tool]]>Article URL: https://trappsec.dev

Comments URL: https://news.ycombinator.com/item?id=47818650

Points: 3

# Comments: 1

]]>Sat, 18 Apr 2026 19:13:54 +0000https://trappsec.devkyuradarhttps://news.ycombinator.com/item?id=47818650https://news.ycombinator.com/item?id=47818650<![CDATA[Show HN: Trappsec – Active Defense via Business Logic Deception]]>Article URL: https://trappsec.dev

Comments URL: https://news.ycombinator.com/item?id=47661913

Points: 2

# Comments: 0

]]>Mon, 06 Apr 2026 15:07:19 +0000https://trappsec.devkyuradarhttps://news.ycombinator.com/item?id=47661913https://news.ycombinator.com/item?id=47661913<![CDATA[New comment by kyuradar in "Ask HN: What are you working on? (February 2026)"]]>I'm working on trappsec - an experimental open source framework that helps developers detect attackers who probe API business logic.

By embedding realistic decoy routes and honey fields that are difficult to distinguish from real API constructs, attackers are nudged to authenticate — converting reconnaissance into actionable security telemetry.

github: https://github.com/trappsec-dev/trappsec

docs: https://trappsec.dev

]]>Wed, 11 Feb 2026 11:58:32 +0000https://news.ycombinator.com/item?id=46973868kyuradarhttps://news.ycombinator.com/item?id=46973868https://news.ycombinator.com/item?id=46973868<![CDATA[Show HN: Trappsec – detect attackers probing API business logic]]>Article URL: https://github.com/trappsec-dev/trappsec

Comments URL: https://news.ycombinator.com/item?id=46882024

Points: 1

# Comments: 0

]]>Wed, 04 Feb 2026 06:03:12 +0000https://github.com/trappsec-dev/trappseckyuradarhttps://news.ycombinator.com/item?id=46882024https://news.ycombinator.com/item?id=46882024<![CDATA[Show HN: Trappsec – open-source library to catch attackers probing your API]]>WAFs and most traditional detection tools are blind to business logic abuses. They can catch a SQL injection pattern, but they can't tell if a legitimate user is probing for privilege escalation, IDOR or mapping out your internal API structure. I built trappsec to cover this gap - with decoys that are difficult to distinguish from real API resources. By treating your API surface as a defensive asset, you generate high-confidence alerts that contain intent and identity attribution.

I am currently looking to collect as much feedback as possible on the core concepts and API design.

I currently support Flask, FastAPI and ExpressJS. Post feedback, will then proceed with porting this to the top 2-3 web frameworks in other relevant languages (Go, Ruby, Java etc.)

Comments URL: https://news.ycombinator.com/item?id=46872263

Points: 2

# Comments: 0

]]>Tue, 03 Feb 2026 15:33:33 +0000https://trappsec.dev/kyuradarhttps://news.ycombinator.com/item?id=46872263https://news.ycombinator.com/item?id=46872263