Technical writing
Field notes
Practical articles on legacy systems, security debt, and the engineering decisions that keep production software alive.
- security, waf, legacy systems
Virtual Patching: How to Protect Vulnerable Legacy Systems When You Can't Edit the Code
Upgrading legacy frameworks and dependencies to patch security vulnerabilities can take months. Virtual patching offers a way to block exploits at the network edge immediately—without touching a line of code.
Niclas Kusenbach
- ux modernization, frontend, react
Replacing a jQuery Frontend Without Touching Your Backend
Your backend works fine. Your frontend is the problem — slow, brittle, impossible to modify. Here's how to replace a jQuery frontend with React or Next.js while keeping the existing API completely unchanged.
Niclas Kusenbach
- audit, technical debt, due diligence
How to Find Technical Debt Before an M&A Due Diligence
When a company is being acquired, the codebase becomes a balance sheet item. Technical debt you don't measure will show up as a write-down, a renegotiated price, or a failed integration. Here's what to audit and how to quantify it.
Niclas Kusenbach
- migration, php, legacy systems
How to Migrate from PHP 5.6 Without Downtime
PHP 5.6 has been end-of-life since December 2018. If your production system still runs on it, you're operating without security patches, without modern language features, and without a future. Here's the practical playbook for migrating without taking the system offline.
Niclas Kusenbach
- audit, technical debt, architecture
What a Codebase Health Audit Actually Looks At
Most teams have a vague sense that their system has problems. A codebase audit turns that instinct into a prioritized, evidence-based action plan. Here's exactly what we examine and why it matters.
Niclas Kusenbach
- architecture, refactoring, migration
When to Rewrite vs. Refactor — A Decision Framework for CTOs
The rewrite-or-refactor decision is one of the highest-stakes choices a technical leader makes. Both options carry real risk. Here's a structured framework for making the call — based on cost, risk, and business constraints, not emotions.
Niclas Kusenbach
- security, owasp, legacy systems
OWASP Top 10 for Legacy Apps — What You Need to Fix First
The OWASP Top 10 is the industry standard for web application security risks. But legacy applications face a different threat profile than modern ones. Here's which risks hit legacy systems hardest and where to focus your remediation effort.
Niclas Kusenbach
- security, php, legacy systems
5 Security Risks in Abandoned PHP Applications (And How to Fix Them)
Most PHP applications written before 2018 were never designed to be secure — they were designed to ship. Here's what's lurking in your legacy codebase and how to fix it without a full rewrite.
Refound
- migration, architecture, refactoring
The Strangler Fig Pattern: How to Modernize a Legacy System Without Stopping the Business
Big-bang rewrites fail at an alarming rate. The strangler fig pattern offers a disciplined alternative — replace a legacy system incrementally, piece by piece, while it stays live in production.
Niclas Kusenbach
- php, legacy-migration, strangler-fig
Zero-downtime PHP 5.6 to 8.3 migration: how we did it in 14 weeks
Migrating an 11,000-line legacy PHP application without breaking production. A practical guide to the strangler fig pattern in the real world.
Niclas Kusenbach