• 2020-03-27
Auth Token in LocalStorage

Getting right to the point: storing a token in LocalStorage is insecure. It’s getting more and more common to use token-based authentication, especially on Single Page Applications (SPA) that need to communicate with an API. That is a good thing, and I really like the idea of JWT tokens. Why localStorage is bad Well, when […]
• 2020-01-18
Breaking C# SecureString

As discussed previously in the Heap Inspection post, keeping passwords and other sensitive data in memory may be insecure, as they can be inspected or dumped. Although it is almost impossible to completely mitigate Heap Inspection, there are several techniques to reduce the time frame sensitive data stays in memory, lowering the risk of exposure. Let’s […]
