luisfontes19
  • Mar 27, 2020
  • 4 minutes

Auth Token in LocalStorage

Getting right to the point: storing a token in LocalStorage is insecure. It's becoming more and more common to use token-based authentication, especially in Single Page Applications (SPA) that need to communicate with an API. That is a good thing, and I really like the idea of JWT tokens. Why …
luisfontes19
  • Mar 27, 2020
  • 9 minutes

Security of the NPM Packages

JavaScript (and TypeScript) is now one of the most used languages in new projects. It has awesome performance, and Promises improved it even more. With it came tons of new tools and projects like Node and NPM. But not all is good: the security of NPM packages is a worrying problem. …
luisfontes19
  • Jan 18, 2020
  • 8 minutes

Breaking C# SecureString

As discussed previously in the Heap Inspection post, keeping passwords and other sensitive data in memory may be insecure, as they can be inspected or dumped. Although it is almost impossible to completely mitigate Heap Inspection, there are several techniques to reduce the time frame in which sensitive data keeps …
luisfontes19
  • Oct 30, 2019
  • 6 minutes

Secure Password Hashing

Password Hashing 101: MD5 and SHA1, which are quite common, are already considered unsafe. So if you are using them, replace them with a secure algorithm. Even for checksums they should not be considered secure. Check the references for more info. Now that we have put that aside, let's start from the basics. User …
luisfontes19
  • Jul 19, 2019
  • 6 minutes

Hardcoded Passwords

Hardcoded passwords… This is a quite common problem, and most of the projects that I get my hands on have a hardcoded password somewhere. But what's the problem with having, for example, the database password in the code? Well, actually, a lot! Let's start with the most straightforward …