A permission model that works fine for a single location business almost always breaks the first time a customer opens a second branch. The break is rarely visible in the role names themselves. It shows up in the data: a manager at one branch can suddenly see, or worse, edit, records belonging to a ...
Most teams treat a security assessment as something that happens to them. An outside report arrives, with findings ranked by how serious they are, and engineering spends the next few months working down the list. That is a fair process, but it is not the only one, and waiting for one assessment a ye...
Stopping bots has a bad name, because the version most people have actually seen, a puzzle that fails on the third try, gets in the way of actual visitors while barely slowing down a serious attacker. A good bot defense looks almost nothing like that. It works in layers, stays mostly invisible, and ...
Cross Site Request Forgery is an old problem, well understood by now, and it still turns up in reviews of actual production systems on a regular basis. In our experience, this is almost never because a team does not know what CSRF is. It is because they built one defense and assumed it covered every...
Server rendered applications, PHP, Rails, older ASP.NET, and similar setups that build HTML on the server and add jQuery style JavaScript on top, build up a particular kind of security debt over the years. Inline click handlers, timer calls that act like eval, and raw HTML being inserted straight in...
Every developer already knows SQL injection is dangerous. The harder problem is what you do once you have inherited tens of thousands of lines of code where queries were built by joining strings together, written over ten years before parameterized queries became the obvious default. You cannot rewr...
Most permission systems start out simple. There is an admin, and there is everyone else. Then a customer asks if a person can approve a purchase order but not delete it, and the simple system stops working. If you want to design permissions that survive this kind of growth, here is a plan that keeps...
Content Security Policy is one of the strongest tools against cross site scripting, and also one of the tools teams most often set up halfway. We have seen it happen many times, including in our own early projects. A team adds the header, something on the page breaks, they loosen the rule until it s...