• 2021-06-13
  • 5 minutes

What is and how to prevent Mass Assignment Vulnerabilities

The first time I heard about mass assignment vulnerabilities was a long time ago, when I started learning Ruby & Rails. In fact, I learnt a lot about security back then, as Rails is quite a complex and secure framework, and to work with it properly you should understand the underlying mechanisms. At that time Rails […]
  • 2020-01-18
  • 8 minutes

Breaking C# SecureString

As discussed previously in the Heap Inspection post, keeping passwords and other sensitive data in memory may be insecure, as they can be inspected or dumped. Although it is almost impossible to completely mitigate Heap Inspection, there are several techniques to reduce the time frame sensitive data stays in memory, lowering the risk of exposure. Let's […]