DEV Community


Ari Kalfus

Penetration tester and devsecops engineer. @artis3n

All 101 comments

SSH and SCP with AWS SSM

Ooh, thanks for calling that out

How I removed google analytics and still have good data to analyze

Cloudflare recently released privacy-preserving analytics - e...

localStorage vs cookies: the "tabs vs spaces" sterile debate of web development 🙄

"If someone owns you, someone owns you." There is a LOT of r...

Find The Cube

Ok us-east-1 went on fire just after I posted this, but the c...

How is Deno Doing? (Nov 2020)

Sounds like the ecosystem needs further maturity

How do you host a website for free?

You can use a custom domain with GitHub Pages and get a valid...

Release and Deploy Ansible Collection with GitHub Actions

This article was great. Pushing a personal thing - if you wan...

Do you keep a work journal?

I currently use a physical notepad but I used OneNote at a pr...

What are the major lessons from the Twitter hack?

As of this point (1.5 to 2 days after the incident), Twitter ...

What are the major lessons from the Twitter hack?

Twitter has been exceptionally open about its investigation....

Social Authentication or Not?

As a penetration tester, some of the most common and most imp...

Print coloured text in python

colored is a nice library for colorized text as well

How do you code review?

Outsource all style issues to a linter that runs in CI. You d...

American Communications Companies Appear to Be Under DDoS Attack

@ben maybe the title can be modified with something along th...

What is the difference between yarn and npm these days?

pnp is new to me... will have to see how it works. It looks l...

What is the difference between yarn and npm these days?

Maybe time for me to go back to yarn, then!

What is the difference between yarn and npm these days?

That's kind of why I posed this question. I used yarn initial...

American Communications Companies Appear to Be Under DDoS Attack

Agreed

American Communications Companies Appear to Be Under DDoS Attack

A really important point the average person should understand...

The Case for Comma-Leading Lists

My god this actually convinced me

What's your favourite custom Slack emoji?

:lolsob: fits every work discussion emojis.slackmojis.com/...

How do you take screenshots?

If it wasn't for the fact that Snagit licenses are not subscr...

How do you take screenshots?

I'm a penetration tester so I need to mark up my screenshots ...

Why deps.ts and mod.ts is BAD in Deno

Yup! Thanks

Why deps.ts and mod.ts is BAD in Deno

Anyone else wondering what happened between the end of this c...

Be anonymous, create your own proxy server with AWS EC2

Not my article!

Be anonymous, create your own proxy server with AWS EC2

You should be encrypting traffic between yourself and the pro...

Be anonymous, create your own proxy server with AWS EC2

Well, HTTPS traffic is still encrypted so your ISP won't see ...

Be anonymous, create your own proxy server with AWS EC2

Just be aware of your specific threat model. Tying your "anon...

Why deps.ts and mod.ts is BAD in Deno

You mention some compile time benchmarks you ran. I'd be inte...

Learn Vuex in 5 minutes.

HMMMMMM Great article!

Is it safe to use Disqus for my Blog?

I would replace disqus on my blog with this

Encrypting Files in a Post-PGP Age

Update: If I rewrote this today, I would end by directing peo...

Facebook and more big tech companies are going to lean into distributed work. What is going to suck about this?

Fair cost of living-adjusted pay doesn't equate to living in ...

Facebook and more big tech companies are going to lean into distributed work. What is going to suck about this?

Would that be a bad thing, though? I mean, besides smaller nu...

What's the Best Place to Learn TypeScript?

If it would be useful, you can check out one of my more popul...

What's the Best Place to Learn TypeScript?

I took his Vue course as well! Currently going through his CS...

What's the Best Place to Learn TypeScript?

I have been diving into front end stuff and this guy on Udem...

Howto write enterprise-grade shell scripts

For 'enterprise-grade' shell scripts, do you tend to valida...

How to learn web application security

Don't forget Portswigger's Web Security Academy! (free) por...

Getting Started with WireGuard

I would also recommend tailscale.com/ to abstract away the ...

A semi technical explainer of all known Zoom issues

Zoom has gotten what must be a few million dollars in free pe...

How will Covid-19 change things forever?

Alternatively: the stress of taking care of family arrangem...

How is GraphQL different from the old days?

The difference is the graphql schema creates valid sql in a...

How is GraphQL different from the old days?

Well here's the thing - by adding a layer between the sql a...

How is GraphQL different from the old days?

Sure - here is a page with some example techniques and it l...

How is GraphQL different from the old days?

Yeah I believe that graphql is going to be awesome once it ...

I wonder about security of GraphQL, esp for C-UD

I just posted a comment on that other post - there is defin...

How is GraphQL different from the old days?

I am a penetration tester and graphql injection is very fun...

How to convince your team to use GraphQL?

"Is GraphQL secure?" Unlike frameworks for RESTful service...

Hands-on with the app that broke the Iowa caucus

Yeah - to be clear, this was a senior dev with no mobile ex...

Add helpful cli to your python libraries... All of them!

Thanks!

Add helpful cli to your python libraries... All of them!

You mention that if you don't need a lot of tooling to just...

Why Quasar? Why Nuxt? Why Vue?

That's helpful, thanks!

Why Quasar? Why Nuxt? Why Vue?

Ah, you have no option but to use Quasar's CSS classes? So ...

Run Windows update now!

Definitely agree, it's a bad vulnerability. SwiftOnSecurity...

What API documentation generator/tool do you use?

I didn't know the company logos were clickable. Those are g...

How CORS (Cross-Origin Resource Sharing) Works?

Seng is right. I'll add that Access-Control-Allow-Origin is...

How CORS (Cross-Origin Resource Sharing) Works?

Maybe add a note to the article about how dangerous origin:...

Make a Rubber Ducky for $3 with Digispark

This is great!

How do you practice safe public wifi access?

There's this neat thing called HTTPS which uses this thing ...

What are the good practices to Node.js web app authentication and authorization?

Please do not store session tokens in local storage auth0....

What API documentation generator/tool do you use?

This looks really neat.

What API documentation generator/tool do you use?

Yeah OpenAPI is great for its ubiquity and cross-tool suppo...

What API documentation generator/tool do you use?

Asciidoc I'm really not excited about. You have to write ou...

What API documentation generator/tool do you use?

😧 Oh no! Hopefully some of these resources people are post...

What API documentation generator/tool do you use?

Stoplight.io looks pretty interesting. Will check it out, t...

What API documentation generator/tool do you use?

I'm a big fan of having a Postman collection of your API en...

What API documentation generator/tool do you use?

Can you set up example requests with apiDoc? A quick look o...

What API documentation generator/tool do you use?

apiDoc is the generator I couldn't recall the name of! I re...

What API documentation generator/tool do you use?

Ah, apiDoc is what I remember using a few years ago. I was ...

What API documentation generator/tool do you use?

I like that this is markdown-based, although having to docu...

I made DEV.to widget for websites/blogs

Yup, the hash will change for each version of the script pu...

I made DEV.to widget for websites/blogs

This is great. Nit: Promote healthy web practices and add s...

How to build a documentation culture

The Write the Docs URL is mangled - htts//writethedocs.org ...

3 Amazing ways to generate random numbers without Math.random()

I don't want to toot my own horn, but I did write an articl...

Sodium-Plus: A Positive Cryptography Experience for JavaScript Developers

This is awesome!

Simple Intro to JWT Basics

Okta has a nice article from a few years ago about using JW...

JSON Web Tokens (JWT) vs. SessionID 🔐 ? explained in 2 mins

Don't use JWTs, sessions are your friend. cryto.net/~joepie9...

If you were tasked to conduct a security audit on a server/database-backed web app, where would you start?

Also, business logic inconsistencies and access control mis...

If you were tasked to conduct a security audit on a server/database-backed web app, where would you start?

OWASP has a great web app testing methodology guide to walk...

What is your top productivity apps that you cannot live without?

It is malware - dev.to/__shadz_/comment/ejd0

Block malicious login attempts, but preventing account lock-outs.

Also, 2FA is the best way to stop bots IMO. Works as an add...

Block malicious login attempts, but preventing account lock-outs.

Yes, CSRF is not valid if there is no browser involved, as ...

Block malicious login attempts, but preventing account lock-outs.

CSRF will prevent malicious actions like trying to log into...

Block malicious login attempts, but preventing account lock-outs.

The only effective way to do this type of attack, guessing ...

Block malicious login attempts, but preventing account lock-outs.

I guess the question is why do we want to do this. As Jorge...

How do you authenticate your users?

Thanks for reminding me, this is next on my list to write

Encrypting Files in a Post-PGP Age

You're totally right re: EC keys. Libsodium is also a great...

How to Learn Penetration Testing: A Beginners Tutorial

OWASP Juice Shop is a great intermediate between "ok I've d...

How to properly use passwords

Thanks for this article! I want to challenge/comment on a f...

How do you authenticate your users?

Auth0 is great. It is hard to stay simple when using a SaaS...

How do you authenticate your users?

Love it! Can start considering the samesite attribute as mo...

How do you authenticate your users?

I'll have to look at how Adonis's library is implemented. ...

How do you authenticate your users?

When you say sessions, do you mean session cookies? In term...

What's your opinion on Microsoft's GitHub Acquisition?

I agree that Gitlab, and even Bitbucket, offer more enterpr...

What's your opinion on Microsoft's GitHub Acquisition?

Companies should use enterprise Github for that exact reaso...

Post-Quantum Cryptography, Part 1: Quantum Computing

The first quantum cryptographic exchange was performed in 1...
