10 Years of Let's Encrypt
A retrospective on Let's Encrypt's 10-year impact, highlighting its growth to become the world's largest certificate authority and its role in securing the web.
Chrome, Firefox, and WebKit plan to remove XSLT from browsers by 2026, citing significant security risks in the aging codebase.
Analysis of CVE-2025-55315, a critical HTTP request smuggling vulnerability in ASP.NET Core with a CVSS 9.9 score, its impact, and mitigation.
A guide to using a free, remote 'browser in browser' tool for safely testing suspicious links and checking website compatibility across different browsers.
Explains the complex interplay between CORS, SameSite cookies, and CSRF attacks in cookie-based web authentication systems.
A guide on securing static websites by implementing security-focused HTTP response headers using Cloudflare Pages and 11ty.
A CLI command to bypass CORS restrictions when fetching local files during localhost development in Chrome.
A developer shares their journey in open source, focusing on web security, Node.js contributions, and receiving the GitHub Stars 2023 award.
A guide to implementing HTTP security headers for web applications, using a festive-themed Azure example to improve website security posture.
A guide to Django security, covering common vulnerabilities and how the framework helps protect web applications from threats.
A critical analysis of SAML security, arguing its design is inherently insecure due to malleable signature computation, with examples of real-world vulnerabilities.
Explores the performance drawbacks of Extended Validation (EV) SSL certificates, including their lack of full OCSP stapling support.
Explains the security risks of target='_blank' links and how the 'noopener' and 'noreferrer' attributes protect against them.
The author announces migrating their blog to HTTPS using a free Let's Encrypt certificate and requests help finding broken image links.
Explains the benefits of HTTPS and how Netlify simplifies the process of enabling it for your website with automatic certificates.
Mozilla introduces website assignment for Firefox Containers, allowing users to automatically open specific sites in isolated containers for enhanced privacy.
A guide to implementing Content Security Policy (CSP) headers in ASP.NET Core applications to control resource loading and enhance security.
A guide to using Let's Encrypt for free, trusted TLS certificates, including setup with Nginx and comparisons to paid alternatives.
A developer's portfolio of web development, SaaS, and security projects, including tools for email, domains, passwords, and recruiting.
Discusses the inevitability of website breaches, lists major hacks, and explains how to assess your risk and prepare for security incidents.