Posts by Daniel Szpisjak

Lifelong learner. A security engineer with a strong development background. My goal is to bring security closer to developers in the form of trainings, workshops and Security Drops!

Daniel Szpisjak

The ends of encryption

End-to-end encryption means data is encrypted at the sender and only the final recipient can decrypt it. True end-to-end encryption has excellent privacy and security benefits. However, it also has a cost. As a developer, it is a great pattern to utilize to shield data from 3rd parties.

The Web API Authentication guide

As a web developer, you have various choices regarding API authentication. This guide aims to provide you with a high-level overview of the six most used schemes. Inside, you will find a cheatsheet to help you choose.

The Web API Authentication guide, TLS Client Certificates

TLS mutual authentication doubles down on HTTPS. Using this scheme your clients' identity is proved by presenting certificates and proving ownership of a private key. This is a very potent tool and also a tradeoff.

Introducing The Glossary

The Glossary describes common security jargon, phrases, abbreviations , and concepts succinctly and in a way that makes sense to you.

The Web API Authentication guide, Signature Schemes

HTTP signature schemes provide integrity and authenticity on the application layer. Using them increase security but also incurs complexity.