
NullBreach

The developer pastes a code snippet and gets an immediate diagnosis against the OWASP Top 10. They can keep asking questions in an AI chat that remembers the thread, without repeating context or switching between tools.

By Valentina Ramírez · Updated: June 19, 2026

Summary

Full-stack app: paste a code snippet and get an immediate OWASP Top 10 diagnosis, with a persistent-context AI chat (Claude API). Django, DRF, PostgreSQL, React, Astro.

Stack
Django, DRF, PostgreSQL, JWT, Claude API, React, TypeScript, Astro

01 The problem

Reviewing code with OWASP criteria or resolving a specific cybersecurity question means jumping between heavy scanners, scattered documentation, and outdated forums.

02 What I built

  1. Static code fragment analysis engine: detects SQL injection, XSS, hardcoded secrets, insecure error handling, and other OWASP Top 10 vulnerabilities.

  2. Integrated AI chat via Claude API with persistent conversation context and per-user history stored in the database.

  3. JWT authentication with protected endpoints; paginated responses.

  4. Decoupled architecture: backend in Django REST Framework + PostgreSQL, frontend in Astro + React + TypeScript.

03 Architecture decisions

1. Static analysis + LLM: separate certainty from suggestion

Context
Static analysis produces deterministic findings. An LLM produces probabilistic suggestions. Mixing them without distinction erodes trust in a security product.
Trade-off
A single combined response is simpler to build but trains users to distrust both signals.
Decision
The static engine asserts with certainty; the model suggests. Results are presented as separate layers with explicit labeling of their nature.
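As an added illustration of this decision (not the project's code), a minimal Python engine in which every finding carries an explicit layer and certainty label, and model output is returned as a separate layer rather than merged into the findings. The rules, the sample snippet and the suggestion format are constructed assumptions; the model reply is passed in as a list instead of being fetched from the Claude API.

```python
import re
from dataclasses import dataclass, asdict

# Constructed rule set in the spirit of the page's engine (not the project's own rules).
# Each entry: (OWASP category, rule id, pattern). A match is a deterministic fact about the text.
STATIC_RULES = [
    ("A03:2021 Injection", "sql_injection",
     re.compile(r"""\.(?:execute|raw)\(\s*(?:f["']|"[^"]*"\s*(?:[%+]|\.format\()|'[^']*'\s*(?:[%+]|\.format\())""")),
    ("A02:2021 Cryptographic Failures", "hardcoded_secret",
     re.compile(r"""(?i)\b(?:password|passwd|secret|api_key|token)\s*=\s*["'][^"']{8,}["']""")),
    ("A03:2021 Injection", "xss",
     re.compile(r"""innerHTML\s*=|document\.write\(|mark_safe\(|\|\s*safe\b""")),
]

@dataclass
class Finding:
    layer: str      # "static" for the engine, "llm" for the model
    certainty: str  # "asserted" (deterministic) or "suggested" (probabilistic)
    rule: str
    owasp: str
    line: int
    detail: str

def run_static_engine(snippet: str) -> list[Finding]:
    """Deterministic pass over the pasted snippet; every finding is labelled 'asserted'."""
    findings = []
    for lineno, text in enumerate(snippet.splitlines(), start=1):
        for owasp, rule, pattern in STATIC_RULES:
            if pattern.search(text):
                findings.append(Finding("static", "asserted", rule, owasp, lineno, text.strip()))
    return findings

def build_layered_response(snippet: str, llm_suggestions: list[dict]) -> dict:
    """Return engine assertions and model suggestions as two labelled layers, never merged.
    llm_suggestions stands in for the Claude reply (assumed shape: {"detail": str, "line": int|None})."""
    static = [asdict(f) for f in run_static_engine(snippet)]
    suggested = [{"layer": "llm", "certainty": "suggested", "rule": "model_suggestion",
                  "owasp": s.get("owasp", "unverified"), "line": s.get("line"), "detail": s["detail"]}
                 for s in llm_suggestions]
    return {"static": static, "llm": suggested}

# Constructed sample snippet; the key is a dummy value, not a real credential.
SAMPLE = '''import sqlite3
API_KEY = "sk_live_0123456789abcdef"
def lookup(conn, user):
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE name = '" + user + "'")
    return cur.fetchall()
'''
```

Because the two lists never share a key space, the frontend can render the static layer as findings and the llm layer as advice without either one inheriting the other's confidence.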

2. Persistent chat context per user

Context
Security questions have context: a developer does not repeat the full background on every message.
Trade-off
Stateless chat is simpler but forces the user to repeat context and breaks the analysis thread.
Decision
Conversation history is stored in the database and sent as context on each request. The model remembers the thread without the user repeating it.

04 Results

  • Static analysis in production that detects OWASP Top 10 vulnerabilities (SQL injection, XSS, hardcoded secrets, and insecure error handling, among others) on code snippets pasted by the user.

  • Security chat with persistent context and history per user: the conversation retains the thread between messages instead of starting from scratch on each query.

  • Protected access with JWT authentication and paginated responses, on a Django REST Framework + PostgreSQL backend decoupled from an Astro + React frontend.

05 Learnings

  • Combining deterministic static analysis with an LLM requires separating what the engine asserts with certainty from what the model suggests: presenting them as a single response erodes trust in a security product.

  • Decoupling the Django backend from the Astro frontend imposed an explicit API contract from the start; that boundary forced thinking about pagination, JWT authentication, and history persistence as part of the design, not as later additions.

One click away

Your next idea deserves code that can carry it.

I design and build complete products: from the backend to the interface your users love. With integrated AI and security by design.

Projects from COP 2,000,000 / USD 500 depending on scope (MVP from 3-6 weeks).

Limited availability; I respond within 24 h.