Injection defenses rely on making your code aware of the data structure it manipulates. If it is done well, your data structure internals are exposed just enough, so it is possible to hide them completely. Taking this approach will lead you to think of interfaces as security contracts.
Posts by Daniel Szpisjak
Lifelong learner. A security engineer with a strong development background. My goal is to bring security closer to developers in the form of trainings, workshops and Security Drops!

SecurityDrops joins SCADEMY
Thursday, Mar 18, 2021 by Daniel Szpisjak
In early March, I, and SecurityDrops with me, joined SCADEMY - Secure Coding Academy. Expect content. More and better quality content from me and from experienced peers alike. I will dedicate more time to the blog and curating its content.
Injections, where code meets data
Friday, Feb 14, 2020 by Daniel Szpisjak
Injections are still among the most serious flaws a developer can make, if not the most serious. This post deconstructs the vulnerability and puts it back together to offer you a solid understanding to build on. After reading it, you will never think of injections the same way.
Use this mental model to learn security
Thursday, Mar 7, 2019 by Daniel Szpisjak
Mental models help us learn faster and more efficiently. The security field can be viewed from two different viewpoints. One is very high-level, dealing with abstract ideas. Let’s call it macro. The other deals with the details of how the smaller parts interact. That’s the micro.
Inside a crypto black-box
Thursday, Feb 7, 2019 by Daniel Szpisjak
AES, also known as the Advanced Encryption Standard, is one of the fundamental building blocks of today’s secure communications. Let’s take a peek inside and see how it works.