software-security
-
Questions for System Design Reviews
2019-05-12
Moving towards operationalizing system design reviews. What questions should a review team ask, or expect to be answered?
-
What is the Value-add of ssh-agent?
2019-01-14
The purpose of ssh-agent and observations how ssh-agent improves UX and security.
-
User-influenced Shell Commands Are Still Considered Harmful
2016-12-06
Non-obvious ways of getting code execution when testing code that uses user input to build shell commands.
-
Authorization Design Patterns
2016-08-01
Patterns/anti-patterns for designing authorization APIs.
-
Fuzzing Servers
2015-11-11
One tip for finding fast and useful fuzz targets for networked code.