Latest

Aug 24
Forget DevSecOps and ShiftLeft
🪄Integrating Security Seamlessly In this article, we're about to spill the beans on why this approach rocks, answer
4 min read

Jul 22
Storytelling vs Describing, when introducing a scene
5 min read

Jul 04
Unspoken Emotions in Fiction writing
4 min read

Jun 28
My fiction publishing journey
6 min read

May 31
Hawk Authentication bug - Firefox Accounts payload bypassing integrity validation
HawkAuth protocol is widely adopted by Firefox Accounts and appears in Postman in a very short list of supported API
9 min read

May 25
The Imperative of Persistent CSRF Tokens (Video)
A brief on Cross-Site Request Forgery Cross-Site Request Forgery (CSRF) attacks, capable of duping a user into performing an unintended
5 min read

Apr 06
JWT: A Cryptographic Love Story with Security, Vulnerabilities, and a State of Confusion
Folks, remember to be careful with your JWTs. Use strong cryptographic algorithms, manage those secret keys like they're
15 min read

Aug 01
Certificate Pinning is powerful, but you probably shouldn't use it
Let's be clear about Certificate Pinning. It IS extremely useful. It IS valid, if you follow 1 rule,
1 min read

Jun 30
JWT Patterns that provide real security benefits
Throughout this post we will keep a YUK WORD tally of things that are not security characteristics of JWT, that
15 min read

Jun 29
Really giving a jot about JWTs
Instacart Sr Security Engineer David Gillman (or Gilman? Either OWASP or LASCON got it wrong) presented a talk in 2021
2 min read