Ari Kalfus

Ooh, thanks for calling that out

Jan 27

Cloudflare recently released privacy-preserving analytics - e...

Dec 25 '20

"If someone owns you, someone owns you." There is a LOT of r...

Nov 25 '20

Ok us-east-1 went on fire just after I posted this, but the c...

Nov 25 '20

Sounds like the ecosystem needs further maturity

Nov 10 '20

You can use a custom domain with GitHub Pages and get a valid...

Aug 15 '20

This article was great. Pushing a personal thing - if you wan...

Aug 10 '20

I currently use a physical notepad but I used OneNote at a pr...

Jul 18 '20

As of this point (1.5 to 2 days after the incident), Twitter ...

Jul 17 '20

Twitter has been exceptionally open about it's investigation....

Jul 17 '20

As a penetration tester, some of the most common and most imp...

Jul 5 '20

colored is a nice library for colorized text as well

Jul 3 '20

Outsource all style issues to a linter that runs in CI. You d...

Jun 21 '20

@ben maybe the title can be modified with something along th...

Jun 17 '20

pnp is new to me... will have to see how it works. It looks l...

Jun 17 '20

Maybe time for me to go back to yarn, then!

Jun 16 '20

That's kind of why I posed this question. I used yarn initial...

Jun 16 '20

Agreed

Jun 16 '20

A really important point the average person should understand...

Jun 16 '20

My god this actually convinced me

Jun 14 '20

:lolsob: fits every work discussion emojis.slackmojis.com/...

Jun 13 '20

If it wasn't for the fact that Snagit licenses are not subscr...

Jun 12 '20

I'm a penetration tester so I need to mark up my screenshots ...

Jun 12 '20

Yup! Thanks

Jun 10 '20

Anyone else wondering what happened between the end of this c...

Jun 10 '20

Not my article!

Jun 10 '20

You should be encrypting traffic between yourself and the pro...

Jun 10 '20

Well, HTTPS traffic is still encrypted so your ISP won't see ...

Jun 10 '20

Just be aware of your specific threat model. Tying your "anon...

Jun 9 '20

You mention some compile time benchmarks you ran. I'd be inte...

Jun 9 '20

HMMMMMM Great article!

Jun 6 '20

I would replace disqus on my blog with this

Jun 5 '20

Update: If I rewrote this today, I would end by directing peo...

May 23 '20

Fair cost of living-adjusted pay doesn't equate to living in ...

May 23 '20

Would that be a bad thing, though? I mean, besides smaller nu...

May 22 '20

If it would be useful, you can check out one of my more popul...

May 16 '20

I took his Vue course as well! Currently going through his CS...

May 16 '20

I have been diving into front end stuff and this guy on Udem...

May 16 '20

For 'enterprise-grade' shell scripts, do you tend to valida...

Apr 20 '20

Don't forget Portswigger's Web Security Academy! (free) por...

Apr 13 '20

I would also recommend tailscale.com/ to abstract away the ...

Apr 6 '20

Zoom has gotten what must be a few million dollars in free pe...

Apr 5 '20

Alternatively: the stress of taking care of family arrangem...

Mar 17 '20

The difference is the graphql schema creates valid sql in a...

Feb 25 '20

Well here's the thing - by adding a layer between the sql a...

Feb 25 '20

Sure - here is a page with some example techniques and it l...

Feb 24 '20

Yeah I believe that graphql is going to be awesome once it ...

Feb 24 '20

I just posted a comment on that other post - there is defin...

Feb 24 '20

I am a penetration tester and graphql injection is very fun...

Feb 24 '20

"Is GraphQL secure?" Unlike frameworks for RESTful service...

Feb 12 '20

Yeah - to be clear, this was a senior dev with no mobile ex...

Feb 7 '20

Thanks!

Feb 2 '20

You mention that if you don't need a lot of tooling to just...

Feb 2 '20

That's helpful, thanks!

Jan 18 '20

Ah, you have no option but to use Quasar's CSS classes? So ...

Jan 17 '20

Definitely agree, it's a bad vulnerability. SwiftOnSecurity...

Jan 14 '20

I didn't know the company logos were clickable. Those are g...

Jan 8 '20

Seng is right. I'll add that Access-Control-Allow-Origin is...

Dec 21 '19

Maybe add a note to the article about how dangerous origin:...

Dec 18 '19

This is great!

Dec 7 '19

There's this neat thing called HTTPS which uses this thing ...

Nov 26 '19

Please do not store session tokens in local storage auth0....

Nov 17 '19

This looks really neat.

Nov 15 '19

Yeah OpenAPI is great for its ubiquity and cross-tool suppo...

Nov 15 '19

Asciidoc I'm really not excited about. You have to write ou...

Nov 14 '19

😧 Oh no! Hopefully some of these resources people are post...

Nov 14 '19

Stoplight.io looks pretty interesting. Will check it out, t...

Nov 14 '19

I'm a big fan of having a Postman collection of your API en...

Nov 14 '19

Can you set up example requests with apiDoc? A quick look o...

Nov 14 '19

apiDoc is the generator I couldn't recall the name of! I re...

Nov 14 '19

Ah, apiDoc is what I remember using a few years ago. I was ...

Nov 14 '19

I like that this is markdown-based, although having to docu...

Nov 14 '19

Yup, the hash will change for each version of the script pu...

Oct 21 '19

This is great. Nit: Promote healthy web practices and add s...

Oct 21 '19

The Write the Docs URL is mangled - htts//writethedocs.org ...

Oct 20 '19

I don't want to toot my own horn, but I did write an articl...

Oct 8 '19

This is awesome!

Oct 8 '19

Okta has a nice article from a few years ago about using JW...

Sep 28 '19

Don't use JWTs, sessions are your friend. cryto.net/~joepie9...

Sep 19 '19

Also, business logic inconsistencies and access control mis...

Sep 18 '19

OWASP has a great web app testing methodology guide to walk...

Sep 18 '19

It is malware - dev.to/__shadz_/comment/ejd0

Aug 28 '19

Also, 2FA is the best way to stop bots IMO. Works as an add...

May 10 '19

Yes, CSRF is not valid if there is no browser involved, as ...

May 10 '19

CSRF will prevent malicious actions like trying to log into...

May 10 '19

The only effective way to do this type of attack, guessing ...

May 7 '19

I guess the question is why do we want to do this. As Jorge...

May 7 '19

Thanks for reminding me, this is next on my list to write

May 6 '19

You're totally right re: EC keys. Libsodium is also a great...

May 4 '19

OWASP Juice Shop is a great intermediate between "ok I've d...

Mar 18 '19

Thanks for this article! I want to challenge/comment on a f...

Nov 13 '18

Auth0 is great. It is hard to stay simple when using a SaaS...

Oct 15 '18

Love it! Can start considering the samesite attribute as mo...

Oct 15 '18

I'll have to look at how Adonis's library is implemented. ...

Oct 15 '18

When you say sessions, do you mean session cookies? In term...

Oct 15 '18

I agree that Gitlab, and even Bitbucket, offer more enterpr...

Jun 4 '18

Companies should use enterprise Github for that exact reaso...

Jun 3 '18

The first quantum cryptographic exchange was performed in 1...

Oct 28 '17