A primer on open-source intelligence for bug bounty hunting in Grafana

· 15 min read
Aleh Zasypkin
Creator of Secutils.dev
UPDATE (May 2026)

A few quick refreshers:

  • The "Page Tracker" referenced below is now formally called the Page tracker (singular feature spanning content + resources + API).
  • The companion sandbox repo (secutils-dev/secutils-sandbox) still hosts the github-codeowner-file.js extractor used in this post. You can also paste the script body directly into a new tracker, or import a Playwright codegen recording for richer flows.
  • For credentials such as the GitHub PAT in the second half, use user secrets so the token is encrypted at rest and never appears in the tracker definition or request log.
  • The original "GA announcement" admonition is preserved below as part of the historical context.
ANNOUNCEMENT (June 2024)

Before getting to the main topic of this blog post, I’d like to take a moment to share some exciting news (at least for me): Secutils.dev, the product for software engineers and security researchers that I’ve been working on lately, is now generally available!

Preparing the tool for GA is what has been keeping me busy for the last couple of months. I’d encourage you to quickly skim through the video guides to learn what Secutils.dev is capable of today:

It’s still early days for Secutils.dev, and if you want to know what's coming, check out the roadmap.

Hello!

Today, I’d like to touch on open-source intelligence, or OSINT. According to Wikipedia, open-source intelligence is the collection and analysis of data gathered from open sources (covert sources and publicly available information) to produce actionable intelligence. As you can infer from the definition, OSINT is a vast topic, and the best way to understand such broad topics is through concrete, narrowly scoped practical examples. In this blog post, I’d like to share one approach to applying OSINT techniques to bug bounty hunting for products whose code is publicly hosted on GitHub, using the awesome open-source project Grafana as an example. Read on!

Cybersecurity basics: security mindset

· 9 min read
Aleh Zasypkin
Creator of Secutils.dev

Hello!

Recently, I was invited to give a presentation on cybersecurity to a group of young developers at Onja, a social enterprise in Madagascar. Since they are at the beginning of their cybersecurity journey, I didn't want to bore them with the hackneyed OWASP Top 10 or overwhelm them with the plethora of security tools developers have to rely on these days to keep software safe and secure. Instead, I wanted to discuss something basic yet foundational for anyone dealing with cybersecurity - the security mindset.

In my experience, when it comes to security, the right mindset is what transforms an average engineer into a good one. It's not something you can buy or acquire quickly, but it's something everyone can learn over time and benefit from throughout their career. The earlier you realize this, the better. Similar to building personal wealth, the earlier you start learning and investing, the better your life will be.

Generally speaking, if you're dealing with anything related to security, the right mindset gets you roughly 80% of the job done; the remaining 20% comes from proper tooling, a good team, and other factors. I like to say that developing a security mindset is simple, but not easy.

This blog post is that presentation turned into written form. Read on!

Supercharge your app with user extensions using Deno runtime

· 10 min read
Aleh Zasypkin
Creator of Secutils.dev

Hello!

Today, I'd like to discuss one approach to building user extensions into your application: embedding a JavaScript runtime in a Rust binary using Deno. This was first introduced in Secutils.dev in v1.0.0-alpha.5 (January 2024) as "script" extensions for webhook responders. In a sentence: it lets users dynamically process every incoming webhook request and decide on the response on the fly, turning a static responder into a tiny app.

As a user, have you ever wished your favourite app would behave just slightly differently? As a developer, have you ever stared at twenty subtly-different feature requests, none of which justify a dedicated toggle? Plugins, extensions, and integrations are how products like Notion, Shopify, Grafana, and WordPress sidestep the problem. The pattern works for tiny SaaS too.

How to track anything on the internet or use Playwright for fun and profit

· 10 min read
Aleh Zasypkin
Creator of Secutils.dev

Hello!

After a refreshing winter blogging break, I'd like to resume introducing Secutils.dev features through practical use cases. Ever wished you could subscribe to changes on a web page that does not natively offer subscriptions? That is exactly what the Page tracker feature is for. It first shipped as the "web page content tracker" in v1.0.0-alpha.4 (December 2023) and has since grown into the unified Page tracker we have today. I'll walk through how I use it (mostly outside its primary security focus) and how it works under the hood.

Explore web applications through their content security policy (CSP)

· 7 min read
Aleh Zasypkin
Creator of Secutils.dev

Hello!

I've finally wrapped up the feature development and fixes planned for the "Q4 2023 - Oct-Dec" milestone of Secutils.dev, a month earlier than expected. To make the changes more approachable than a wall of release notes, I want to demonstrate one of them in action: the new "Import content security policy" feature, by using it to learn a bit about the CSPs of websites you probably already use every day.