Posts

• Jul 10, 2023

  Scanning Tailscale Funnel

• Dec 6, 2022

  Why *NOT* To Pin TLS Certificates

• May 26, 2022

  Multiple Vulnerabilities in Flower and Downstream Attacks on Airflow

• May 10, 2021

  Toxic Tokens: Using UUIDs for Authorization is Dangerous (even if they’re cryptographically random)

• Sep 23, 2020

  Methodology for High-Quality Web Application Security Testing

• Apr 21, 2020

  Code Patterns for API Authorization: Designing for Security

• Jul 2, 2019

  Advanced Frida Witchcraft: Turning an Android Application into a Voodoo Doll

• Jul 1, 2019

  The School of Frida Witchcraft: Java Spellcasting Errata

• Apr 11, 2019

  A Novel CSP Bypass Using `data:` URI

• Apr 10, 2019

  Apple's App-Site Association - The New `robots.txt`

subscribe via RSS