
23 posts tagged with "technology"


Two simple rules for better and more secure code

· 4 min read
Aleh Zasypkin
Creator of Secutils.dev

Hello!

In one of my previous posts, "The best application security tool is education", I discussed why educating yourself or your engineers about security can yield the highest return on investment, especially if you have a limited budget. However, I understand that learning or teaching security is not as straightforward as it sounds. Every organization has its unique characteristics, and every engineer has their own distinct qualities. Moreover, internalizing secure coding practices is a time-consuming process. If you're just starting on this journey, I'm here to share two very simple rules that are easy to remember and have the potential to significantly enhance the security of the code you or your colleagues write. So, let's dive in!

Q4 2023 iteration: tracking arbitrary web content, user-specific webhook subdomains, inherited CSP, and more

· 6 min read
Aleh Zasypkin
Creator of Secutils.dev

Hello!

Last week, I kicked off the new "Q4 2023 - Oct-Dec" development and research iteration for Secutils.dev, the open-source toolbox designed for developing and testing secure applications. In this post, I'll take you through the significant features and changes that will be the focus of my work in the coming weeks and months: tracking arbitrary web content, user-specific webhook subdomains, inherited CSP, and more. Let's dive in!

Running web scraping service securely

· 7 min read
Aleh Zasypkin
Creator of Secutils.dev

Hello!

In an earlier post I talked about the notifications subsystem in Secutils.dev. Around the same time I was preparing to allow Secutils.dev users to inject custom JavaScript into the web pages they track resources for, which forced a serious round of security hardening on the Web Scraper. This post is the result: an end-to-end checklist for anyone running a service that scrapes arbitrary user-supplied URLs.

Q3 2023 update - Notifications

· 6 min read
Aleh Zasypkin
Creator of Secutils.dev

Hello!

With just one month remaining in the "Q3 2023 - Jul-Sep" milestone (this is how I structure my roadmap), I wanted to provide a quick progress update. A significant deliverable for this milestone is support for email notifications and other transactional emails.

Notifications in general, and email notifications specifically, are integral to any product that involves monitoring or tracking activities. Secutils.dev already includes, and will continue to expand, features that require the ability to send notifications. Two notable examples are notifications for changes detected by the web page resources trackers and for changes detected in the tracked content security policies (CSP).

A plan for Q3 2023 iteration

· 5 min read
Aleh Zasypkin
Creator of Secutils.dev

Hello!

In one of my previous posts, I mentioned that I wrapped up the "Q2 2023 Apr-Jun" iteration and moved on to the next one: "Q3 2023 Jul-Sep". In this post, I want to briefly cover what I'm going to work on during this iteration. I'll highlight three main areas: improvements to the certificate templates, scheduled automatic web page resources checks, and shareable content.

Q3 2023 Jul-Sep iteration