Hello!
As you might have learned from the Q3 2023 iteration plan, one focus of that quarter was adding automatic, scheduled resource checks to the Web Scraping → Page tracker feature in Secutils.dev. This post covers how I designed the scheduler that powers it. If you are building something similar in Rust, hopefully a few details here are useful.
Hello!
In one of my previous posts, I mentioned that I wrapped up the "Q2 2023 Apr-Jun" iteration and moved on to the next one: "Q3 2023 Jul-Sep". In this post, I want to briefly cover what I'm going to work on during this iteration. I'll highlight three main areas: improvements to the certificate templates, scheduled automatic web page resources checks, and shareable content.
Hello!
In my previous post I covered the 1.0.0-alpha.2 release of Secutils.dev. The headline feature was the Page tracker, but I want to highlight a much smaller change from the same release: "recover the original URL after sign-in". It is a tiny fix with a huge UX payoff, and it's also a nice case study in how easy it is to introduce a subtle security bug while shipping it.
Hello!
This weekend, I finally wrapped up the "Q2 2023 - Apr-Jun" iteration and cut a new 1.0.0-alpha.2 release of Secutils.dev. Admittedly, this release was delayed "a bit" (well, almost 3 weeks delay, that happens) since I needed slightly more time to prepare the "Page tracker" functionality for the general public. I tried to explain why it wasn't a trivial task in the "Detecting changes in JavaScript and CSS isn't an easy task" series of posts (part 1, part 2, part 3). Check them out!
If you want to learn more about the "Page tracker" functionality, I encourage you to start from this guide. For your convenience, I'm also attaching a short video clip here demonstrating how it works using a "fake" HTML page backed by the "Responders" feature. For the rest of the changes included in this release, please refer to the full changelog at secutils@v1.0.0-alpha.2.
TL;DR: It’s a hard, but rewarding experience!
Hello!
It’s been two months since I opened up Secutils.dev for an open beta and started writing about my indie hacking journey in public for the first time while still being a full-time employee at Elastic. In this short post, I just want to reflect on how things are going, what was good, and what wasn’t as good as I wanted it to be. If you’re in a similar situation or just curious, read on!
Hello!
This is the third and final post in a series (Part 1, Part 2) on the surprisingly hard problem of detecting changes in a web page's JavaScript and CSS resources, written while building the Resources Tracker (now Page tracker) feature in Secutils.dev.
The previous posts covered scraping mechanics and storage. Today we look at the security side: what extra parts of the page have to be tracked to catch tampering, what it takes to scrape authenticated pages, and what defences a tool like this needs against malicious users (since "scrape an arbitrary URL" is a powerful primitive).