Talks
A compilation of technical talks on open source firmware, container security, Intel SGX, and cloud-native infrastructure from 2017-2019.
An introduction to the Node.js Security Working Group, its role in securing Node.js core and modules, and how to get involved.
Explains how flawed Regular Expressions can cause ReDoS attacks, crippling Node.js services with catastrophic backtracking and high CPU usage.
Guide to disabling outdated TLS protocols and ciphers in Azure API Management using ARM templates for improved security.
A guide to writing unit tests in ASP.NET Core to automatically verify that security attributes like AuthorizeAttribute are applied to controllers and actions.
A technical guide on securing Kubernetes services using NGINX Ingress Controller, covering TLS setup, whitelisting, and rate limiting.
How to detect Right-to-Left Override (RLO) characters in filenames using Python's unicodedata module to prevent malicious file spoofing.
A technical guide to building and enhancing a secure, accessible login form with HTML validation, security best practices, and UX improvements.
A tutorial on implementing a custom HTTP Basic authentication scheme within the ASP.NET Core 2.0 authentication framework.
A survey asking readers about their patching status for the Meltdown and Spectre CPU security vulnerabilities, with results shared.
Analysis of the Meltdown/Spectre processor flaws and their critical impact on SQL Server deployments, security, and performance.
Analyzes the recent panic over npm security, arguing it's based on social engineering in PRs, not a flaw in npm itself.
Argues against abandoning Firefox over recent controversies, comparing privacy implications of switching to Chrome/Chromium or using forks.
Explains implementing Separation of Duties and role-based security in SQL Server for data protection, focusing on Least Privilege principles.
A guide to using NoScript 10.x in Firefox, covering its new UI, trust levels, and configuration for privacy and security.
A guide to applying authorization globally in ASP.NET Core, covering single-policy and multi-policy scenarios using filters and conventions.
Argues that memory unsafety is a widespread, unnamed vulnerability causing thousands of bugs, and advocates for adopting memory-safe languages like Rust.
A technical guide on creating a HashiCorp Vault authentication token with permissions only to seal the vault, including policy creation and token generation.
A quick guide on using PowerShell to change the friendly name of a certificate, highlighting a simple command for system administrators.
Five practical security and usability improvements for the Django Admin interface, including URL changes, environment indicators, and 2FA.