Search-Lab
The Web API Authentication guide, Basic Auth

Daniel Szpisjak

HTTP Basic Auth has been with us for ages. Some despise it for its insecurity, while others love it for its simplicity. Should you opt for using it or avoid it at all costs?

The Web API Authentication guide, The intro

Daniel Szpisjak

As a developer, you will most likely find yourself in a situation where you have to decide how to authenticate your API. How would you deal with it?

Data Integrity Primer

Daniel Szpisjak

Data integrity is rarely talked about, even though it comprises the basis of many data flows a modern web application has to deal with. From a security perspective, integrity deals with protecting data from being modified (by unauthorized parties). There are various techniques to ensure integrity. I will guide you through the options, using real world examples. Once you finish, you will know more about this than most of the industry.

About trusting data

Daniel Szpisjak

“Never trust user input,” say the wise. Sound advice, although it raises more questions than it answers. First of all, what does it mean to trust a piece of data? Why not trust it? Is user input the only piece of data you should be careful with? Can you even trust any data? These are the questions I am exploring in this post. Assumptions: When data enters your system, you are likely to have various assumptions about it.

Security for Software Engineers

Daniel Szpisjak

Solid security knowledge among developers is scarce these days, simply because it is not as spectacular and sexy as a new framework or a cool new tech. Nevertheless, it is real and will not go away anytime soon. Your best bet is to start learning about it right now. It will make you more valuable to your team and your organization. Do not think of this as a massive upfront investment; it is not.

Session management

Daniel Szpisjak

Session management is an integral part of today’s web applications. You receive limited support from the HTTP protocol and have to handle most of this yourself. No wonder session management vulnerabilities consistently make it to the top 3 of the “OWASP Top 10” list. This post aims to introduce you to the model of session management. Disclaimer: This post only covers the basics. The security of session management relies mostly on the IAAA (Identification, Authentication, Authorization, Auditing) model, which builds on session management.