Web application security: what to do when…

    This post is part of the ”WASEC: Web Application SECurity” series, which is a portion of the content of WASEC, an e-book on web application security I’m currently writing.

    Here is a list of all the articles in this series:

  1. Web security demystified: WASEC
  2. Introduction
  3. Understanding the browser
  4. Security at the HTTP level
  5. HTTP headers to secure your application
  6. Hardening HTTP cookies
  7. Situationals

Often times, we’re challenged with decisions that have a direct impact on the security of our applications, and the consequences of those decisions could potentially be disastrous. This article aims to present a few scenarios you might be faced with, and offer advice on how to handle each and every single of them.

This is by no means an exhaustive list of security considerations you will have to make in your day to day as a software engineer, but rather an inspiration to keep security at the centre of your attention by offering a few examples.

Read on →

Command line spinners: the magic tale of modern typewriters and terminal movies

In the latest release of ABS, we introduced a package manager that fetches an archive from GitHub and installs it locally: like in many other command-line interfaces, we decided to add a “loader” to accompany the process, something that looks like this:

I want to take a moment to reflect on how we implemented the simple spinner you see in the video, a process that derives from typewriters and movies — let’s get to it!

Read on →

My last day at Namshi: goodbye folks!

Today, I wave goodbye to the company I supported for the past 7 and a half years, Namshi.

Read on →

ABS 1.7.0: ctrl+r and other optimizations

A few days ago I released a new minor version of the ABS programming language, 1.7.0, which adds some syntactic sugar as well as improvments to the REPL — let’s get to them!

Read on →

ABS 1.6.0: the convenience of index ranges and default return values

Here we are with a new release of ABS, the elegant programming language for all of your scripting needs!

Even though small, 1.6 (with 1.6.0 and 1.6.1) introduces a couple interesting features, so let’s check them out!

Read on →

The ABS playground: run ABS code directly in your browser (WHOOOOP!)

Remember the last time you thought “ough, JavaScript”?

Well, that’s me every other day: I love JS for its flexibility and dynamism, but I also sometimes find it painful to deal with, especially in some specific programming contexts.

If you, like me, hoped to be able to write something other than JavaScript in order to get stuff done on the web, chances are you bumbed into WebAssembly (abbr. WASM), and considered it your holy grail. WASM is a portable binary format that’s been implemented by all major browsers and allows other languages to be compiled for the web.

Why is that important? Well, that’s the key of how I managed to run an ABS playground (a code runner) on the browser.

Read on →

Playing with QuickJS

A few days ago Fabrice Bellard released QuickJS, a small JS engine that targets embedded systems.

Curious to give it a try, I downloaded and set it up on my system to try and understand this incredible piece of software.

Read on →

ABS 1.5.0: file writers have landed!

A few hours ago I released a new minor version of the ABS programming language, 1.5.0, which includes a couple of interesting features — let’s get to them!

Read on →

ABS 1.4.0: welcome unicode!

A few weeks ago I released version 1.4.0 (and 1.4.1, with an additional bugfix) of the ABS programming language: in this post, I’d like to explain everything major that made it in this new minor release.

Read on →

ABS 1.3.2: making ABS faster with a simple fix

Hi there! Just a quick post to announce a bugfix release of the ABS programming language: 1.3.2 fixes a simple yet important performance bug dealing with short-circuit evaluation.

Read on →
Archives