The Forgotten Defenders: A Guide to HTTP Security Headers
Despite years of advancements in web security, many applications still lack one of the simplest, most effective defense mechanisms: HTTP Security Headers. Th...
How to Build, Ship, and Run Containers Without Opening the Front Door to Attackers
Threat modeling has evolved from a niche security task into a core part of modern software development. It’s not just for security engineers — it’s a tool pr...
Incidents happen. Maybe it was a misconfigured S3 bucket, a leaked token, or a logic bug that let a user see someone else’s data. The temptation after contai...
If there’s one thing nearly every developer has built at some point, it’s a login system. And why not? There are plenty of libraries to help, standards like ...
We’ve reached the end of the OWASP Top 10 in this OWASP Top 10:2021 series — and we’re finishing with a bang. SSRF is one of the most dangerous vulnerabiliti...
You Can’t Respond to What You Don’t See
Welcome back to this OWASP Top 10:2021 security series. Today, we’re stepping away from code bugs and logic flaws to talk about something much sneakier: trus...
Welcome back to this deep dive into the OWASP Top 10. Today we’re looking at something fundamental: authentication.
Welcome back to this OWASP Top 10 deep dive. Today’s topic — Vulnerable and Outdated Components — might not sound exciting at first, but it’s a silent killer...
Welcome to Part 5 of this OWASP Top 10 series. So far, we’ve covered insecure code, weak design, and architectural flaws. Now it’s time to talk about somethi...
Welcome to Part 4 of our OWASP Top 10:2021 series. So far, we’ve looked at hands-on, tactical flaws like Injection and Cryptographic Failures. But now we’re ...
Welcome back to this OWASP Top 10 series. So far, we’ve looked at Broken Access Control and Cryptographic Failures — both dangerous, both preventable. Now we...
Welcome to part two of this OWASP Top 10:2021 series, where I break down each of the top security risks, in a way that makes sense to everyday engineers. In ...
Welcome to the first post in this OWASP Top 10:2021 series, where I break down each of the top security risks. This is for engineers who may not be security ...