Learning about Macaroons
Today I was trying to learn a bit more about one of the new features in AM 7: Macaroon token support. The official documentation gives a basic understanding of what this token format is all about, but if that wasn’t enough, I’ve found Neil’s blog post about it a bit...
My hunt for a secure web framework
About 5 months ago I started to work on and off on a pet project of mine that hopefully will simplify my wife’s life. As my wife is a sole trader, she’s been busy issuing invoices to her clients; however, her existing process is not really optimal, and requires...
Subresource integrity
Just this last month there was a slightly disturbing story unfolding: Browsealoud, a commonly used accessibility service (also used by several government websites), was hacked and JavaScript code was injected into their service. The story itself can be found here, but if you want to read the security researcher’s...
Privacy concerns with Stack Overflow
As I was writing my last blog post I ended up referencing a couple of different Stack Overflow (SOF) answers. There was a strange thing I noticed as I was using the share “button” though: all the generated links had the exact same suffix, a large number. Here are some...
Credit card number validation gone wrong
When done right, online shopping can be a very nice and simple experience, but there are sadly also times when it is overly complicated and the user experience is just terrible. My experience on argos.co.uk not too long ago was the latter, mainly because I couldn’t enter my credit card...
Deep dive into Cross Site Request Forgery
I’ve always been fascinated by Cross Site Request Forgery attacks, so today I’m going to try to go through the different variants of this attack type in as much detail as I can. I will also try to give some guidance on how to prevent these attacks depending...
Hunting down a bug in Tomcat
Not too long ago I was asked to look into a strange bug, OPENAM-11571. Although the reproduction of the issue wasn’t too simple (issues with our home-grown test framework used for performance tests), the actual debugging process turned out to be quite something. In this post I’ll try to document...
Life lesson #1
Recently Judit and I were a bit worried about our combi boiler in the kitchen, because out of the blue the water pressure had increased to 2 bars from the normal 1.3-1.4 bar range, and it didn’t really seem to decrease over time. At this point I should have realized...