software-security

Questions for System Design Reviews

2019-05-12

Moving towards operationalizing system design reviews. What questions should a review team ask, or expect to be answered?

What is the Value-add of ssh-agent?

2019-01-14

The purpose of ssh-agent and observations how ssh-agent improves UX and security.

User-influenced Shell Commands Are Still Considered Harmful

2016-12-06

Non-obvious ways of getting code execution when testing code that uses user input to build shell commands.

Authorization Design Patterns

2016-08-01

Patterns/anti-patterns for designing authorization APIs.

Fuzzing Servers

2015-11-11

One tip for finding fast and useful fuzz targets for networked code.