In Depth
In Depth: Stealing Password Tokens with Forwarded Host Poisoning
[InDepth#13] User input comes in many different forms, and sometimes your app will believe whatever your users tell it... especially if it's in a header!
In Depth
In Depth: "Password Generator" Security Audit
[InDepth#12] In November 2022, Steve McDougall published a tutorial called "Creating a Password Generator"... we're going to audit his code!
OWASP Top 10
OWASP In Depth: A08:2021 – Software and Data Integrity Failures
It's a three-in-one for the third last entry into our OWASP Top 10 series!
OWASP Top 10
OWASP In Depth: A05:2021 – Security Misconfiguration
From Insecure Design last week to Insecure Configuration this week!
OWASP Top 10
OWASP In Depth: A01:2021 - Broken Access Control
Let's dive into the first risk in the OWASP Top 10...
In Depth
In Depth: Insecure Direct Object References (IDOR)
[InDepth#11] Also known as hide-and-seek, and security through obscurity!
In Depth
In Depth: Magic Emails
[InDepth#10] One time codes, magic links, and more...
In Depth
In Depth: Signed URLs
[InDepth#9] One of the many awesome and completely underrated Laravel security features.
In Depth
In Depth: Policy Objects
[InDepth#8] Policy Objects are incredibly powerful. Use them.
Newsletter
In Depth: Content Security Policy
[InDepth#7] CSPs are an incredibly powerful security feature built into the browser.
In Depth
In Depth: Timing Attacks
[InDepth#6] You can use response timing to infer important information.
In Depth
In Depth: Rehashing Passwords
[InDepth#5] It sounds easy to rehash passwords, but is it really that easy?