← cd ../blog

~/blog/cybersecurity $ ls -la

Cybersecurity

Notes on web security, threat modeling, and breaking (then fixing) things.

Threat Modeling in Four Questions

A lightweight framework you can run on any feature before you write a line of code.

#appsec#process

SQL Injection, From First Principles

Why string-concatenated queries are dangerous, and how parameterization actually fixes it.

#web#appsec#databases