The MCP Forge Blog
Practical guides on building MCP servers that are secure and lean.
The MCP Server Security Checklist
Auth, SSRF, secrets, validation, rate limiting, and token bloat, in one checklist.
How to add authentication to your MCP server
Shared bearer tokens, HS256 and RS256 JWTs, OAuth, and why you must fail closed.
SSRF in MCP servers: what it is and how to prevent it
How a fetch tool becomes a proxy into your network, and how to build a safe fetch.
How to cut your MCP token usage
Why five servers can cost 50 to 75k tokens per request, and five ways to fix it.
How to deploy a secure MCP server
Docker, Fly, Railway, or a VPS, with the security settings you must not skip.
Claude and Cursor MCP setup: a security-first guide
Add MCP servers without leaking secrets, your filesystem, or your context budget.