Articles in category "Appsec" (3)


My thoughts on Secure Code Review

This article is going to cover my journey in cyber security, my thoughts on secure code review and how to improve your own skills. I have now worked professionally for four years in the cyber security field as a consultant, mostly doing white-box assessments …


Python gems to look out for

A few weeks ago I was looking into Python-specific code patterns that would lead to vulnerabilities. I was surprised when I found a few patterns that I hadn’t really thought about, most likely because I never write Python code like the examples I …


Overwriting HttpOnly cookies with JavaScript

So I got in contact with Sam Anttila on Twitter regarding his article about overwriting HttpOnly-enabled cookies using JavaScript, which should not be possible. I asked him if he had verified whether Firefox exhibits the same behavior. He answered yes and the …