Published:
I was reading the WebSub specification (formerly PubSubHubbub) when I found that there was a risk of reflected browser-side code injection (reflected cross site scripting, reflected XSS) in the WebSub intent verification exchange.
Published:
A list of computer security guidelines and references.
Friends don't let friends use $http_host
Published:
Two related authority-ambiguity vulnerabilities in NGINX and Debian's proxy_params configuration snippet.
Published:
If you are trying to understand the difference between the different cryptography-related formats (PKS#12, PKCS#8, PEM, X.509 certificate, DER, JWK, BEGIN ENCRYPTED PRIVATE KEY??? 🤯), you will hopefully find some useful information here (and a lot more your did not wanted to know about).
Published:
Books I have read in 2025. Should be mostly spoiler free.
Published:
Some (not so serious) cryptographic wisdom from a long time ago…
Published:
Cheat sheet for (some) reinforcement learning mathematical formulas and algorithms.
Published:
PortSwigger “Concealing payloads in URL credentials” talks about concealing XSS payloads in URL credentials. The nice thing is that this makes the payload invisible to WAFs and other server-side XSS filters. You can actually conceal the payloads in other places
Published:
My experience from the Codingame Spring Challenge 2025.
Where we learn that the sky is actually a giant blueberry smoothie 🫐
Published:
Testing ASCII smuggling using Unicode Tags on LLMs/chatbots. Nothing new here. Just a short summary.
Page 1 of 12 | Previous page | Next page | JSON Feed | Atom Feed | RSS Feed