You Should Be Using a Reentrancy Guard in Your Smart Contracts
A reentrancy attack capitalizes on unprotected external calls and can be a particularly devastating exploit that drains all of the funds in your contract if not handled properly. At its simplest,...
Send Secure Emails with Gmail’s Confidential Mode
Earlier this year I switched jobs. After the interview process was over, I needed to send over my personal information for a background check. After that, I’d be all set! Sweet! Wait… how DO I send my...
Learn the Fascinating History and Uses of the Public Suffix List
I recently worked on a feature that led me to learn about an interesting piece of the modern internet backbone — the Public Suffix List (PSL). Knowing more about the PSL isn’t going to make you a 10x...
Securely Erase Hard Drives in 6 Easy Steps with nwipe
Recently, I had a drive failure on my ZFS pool. Thankfully no data was lost because I am using two parity drives. The drive is still under warranty, and I will be sending it back to the manufacturer...
Attach Elastic Beanstalk to a Route 53 Subdomain Securely with ACM
In this post, I’ll show you how to securely route traffic to an Elastic Beanstalk environment with a subdomain. For the sake of streamlining things, I’ll be explaining the whole process via the AWS...
Securing an API Gateway Using AWS IAM
AWS API Gateway provides a convenient “front door” to other services, which can be accessed directly by users or by other parts of your own infrastructure. For user access, AWS Cognito is a good choice...
How to Add Basic Security Checks to Your Application
The security of an application is a highly important aspect of software development. But, sometimes it gets buried as more urgent (or just flashy and user-facing, if we’re being honest) tasks come up....
Free Ways to Protect Your Personal Data on the Web
With the ever-expanding state of the internet, it can be hard for the average person to track and prevent personal data breaches. A technical knowledge barrier shouldn’t prevent someone from keeping...
Use Docker Scout to Identify Security Vulnerabilities
Docker recently released Docker Scout, a tool for scanning images for security vulnerabilities. I tried it out while working on a task to improve my project’s security score and found it very useful....
Passkeys and the Future of Web Authentication
Over the years, web authentication has undergone many evolutions. From the days of HTTP basic auth to the modern practices of multi-factor authentication and OAuth, software professionals are...