"Never trust user input" - say the wise. Sound advice, although it raises more questions than it answers. First of all, what does it mean to trust a piece of data?
Solid security knowledge among developers is scarce these days, simply because it is not as spectacular and sexy as a new framework or a cool new tech. Nevertheless, it is real and will
Hello, my name is Daniel Szpisjak
Your time as a Software Engineer is valuable. I get it and respect it. This blog is designed to contain small, easily consumable drops of security knowledge essential for You.
Session management is an integral part of today's web applications. You receive limited support from the HTTP protocol and have to handle most of this yourself. No wonder session management vulnerabilities consistently make
When a software developer first gets exposed to web security, he will inevitably memorize his first acronym: XSS! It stands for “cross site scripting”, and it is one of the oldest vulnerabilities around.
Back in the 90s, someone wanted to store information on the clients, only it was not possible yet. Luckily the Netscape team quickly came to the rescue and implemented cookies. This was a