The impact of memory safety on sandboxing
Explores how memory safety affects sandboxing in complex systems like browsers, challenging the view that they are purely complementary security approaches.
A developer shares lessons learned and pitfalls to avoid when implementing policy-based authorization in .NET applications.
A former Azure SQL security engineer outlines seven key improvements needed for access control and security in SQL Server and Azure SQL.
Discussion on alternative app stores for iOS, their impact on developer workflows, code signing requirements, and preparing for new OS versions.
A technical guide on implementing DNSSEC using Azure's private preview feature, detailing the PowerShell command and its significance for security compliance.
Explains security risks and attack scenarios for Managed Identities using Federated Credentials in Azure, focusing on privilege requirements and abuse prevention.
Analysis of W3C TAG's response to Google delaying third-party cookie removal, discussing privacy, ad tech, and web standards.
How to use PowerShell to automate compliance and security tasks in Microsoft Azure, including policy management and security monitoring.
Explains how to use KQL Graph semantics in Microsoft security tools to identify lateral movement paths between users, computers, and groups.
Explains how Cryptomator, a free open-source tool, provides end-to-end encryption for files stored in cloud services like Google Drive or Dropbox.
Cloudflare now offers a simple setting to block AI bots from scraping your website, available even on free plans.
A guide on how to permanently remove a file containing sensitive data (like a password) from your entire Git repository history using a specific command.
Explains HSTS (HTTP Strict Transport Security), its role in ASP.NET Core apps for enforcing HTTPS, and configuration considerations.
Explores using a local SSH server as a secure alternative to sudo for privilege management, avoiding setuid binaries.
A guide to encrypting and decrypting sensitive identifiers in ASP.NET Core route parameters for improved security and data privacy.
A former Microsoft Azure Data security Program Manager reflects on their role, the impact of improving SQL's permission system, and reasons for leaving.
Analyzes common security flaws in Express.js authentication, focusing on hardcoded secrets and poor cookie configuration, with solutions.
Learn how to use the dotnet CLI to check your .NET solution for NuGet packages with known vulnerabilities or that are deprecated.
Discusses the challenges of keeping software dependencies updated and compares manual vs. automated strategies for managing updates effectively.
Analysis of the malicious shell script component in the xz backdoor attack, detailing its injection and execution mechanisms.