ASP.NET Core Unit Testing For Security Attributes
A guide to writing unit tests in ASP.NET Core to automatically verify that security attributes like AuthorizeAttribute are applied to controllers and actions.
A technical guide on securing Kubernetes services using NGINX Ingress Controller, covering TLS setup, whitelisting, and rate limiting.
How to detect Right-to-Left Override (RLO) characters in filenames using Python's unicodedata module to prevent malicious file spoofing.
A technical guide to building and enhancing a secure, accessible login form with HTML validation, security best practices, and UX improvements.
A tutorial on implementing a custom HTTP Basic authentication scheme within the ASP.NET Core 2.0 authentication framework.
Analyzes the recent panic over npm security, arguing it's based on social engineering in PRs, not a flaw in npm itself.
Argues against abandoning Firefox over recent controversies, comparing privacy implications of switching to Chrome/Chromium or using forks.
A guide to using NoScript 10.x in Firefox, covering its new UI, trust levels, and configuration for privacy and security.
A guide to applying authorization globally in ASP.NET Core, covering single-policy and multi-policy scenarios using filters and conventions.
A technical guide on creating a HashiCorp Vault authentication token with permissions only to seal the vault, including policy creation and token generation.
A quick guide on using PowerShell to change the friendly name of a certificate, highlighting a simple command for system administrators.
Five practical security and usability improvements for the Django Admin interface, including URL changes, environment indicators, and 2FA.
A guide to building a dedicated homelab server for running development VMs, covering the benefits of isolation and hardware selection.
A reflection on teaching basic cryptography to children, highlighting the importance of usable security through historical ciphers like the rail fence and Caesar cipher.
A guide on protecting API keys in Python applications by storing them in a separate config file and using .gitignore to prevent exposure on GitHub.
A guide to implementing HTTP Public Key Pinning (HPKP) for enhanced security in ASP.NET Core applications, covering benefits and risks.
Explains how to implement HTTP Strict Transport Security (HSTS) in ASP.NET Core to enforce secure HTTPS connections.
A tutorial on creating custom middleware in ASP.NET Core to automatically redirect HTTP requests to HTTPS for improved security.
A technical guide on using PowerShell to read, analyze, and validate certificates within PFX files, including trust chain inspection.
Explains why protocol-relative URLs (//example.com) are harmful for security and compatibility, advocating for absolute HTTPS URLs instead.