I got my weekly TL;DR Sec newsletter on Thursday morning. I regularly browse the headlines for fun things to check out whenever I might have some actual downtime. I noticed a post about XSS in Swagger UI at: Hacking Swagger-UI - from XSS to account takeovers. I did the usual perusal, noted down the concerns, and...
Password managers are all the rage nowadays. The general advice seems to be something along the lines of: “use a password manager, set a unique password for every site, and be less stressed about remembering a million things”. It’s safe to say that more and more people are being pushed to use password managers. And by...
Writing an app for the Atlassian cloud platform? Were you aware you need to meet security requirements for your app? Does this all seem oddly specific for a random blog post? Is it truly a cliche to start a post with a collection of questions? – Probably. I’ll stop now. In today’s post, I’m going to describe how you...
I was recently working on a security review, and I came across an anti-pattern I’ve seen time and time again. Sure, it might be obvious, but this was a relatively tenured developer who suggested this particular solution. It’s seemingly pervasive enough that it warrants digging into. So, with that in mind, let’s chat...
👋 Hello, hello. I’ve recently become more and more involved with a few different crypto projects. Presearch was one of the first few I came across that I truly liked. It’s definitely in its infancy, but I love the idea of a better search solution that tracks less of you. And hey, you get rewarded PRE tokens for...