Electronic Signatures Using The Browser
Sometimes, especially in government or enterprise context, you need to sign a document in the browser using a smartcard (some may call it “crypto token”). It’s rare, but many peopleContinue reading
Storing Encrypted Credentials In Git
We all know that we should not commit any passwords or keys to the repo with our code (no matter if public or private). Yet, thousands of production passwords canContinue reading
The Benefits of Side Projects
Side projects are the things you do at home, after work, for your own “entertainment”, or to satisfy your desire to learn new stuff, in case your workplace doesn’t giveContinue reading
Bad Software Is Our Fault
Bad software is everywhere. One can even claim that every software is bad. Cool companies, tech giants, established companies, all produce bad software. And no, yours is not an exception.Continue reading
Audit Trail Overview
As part of my current project (secure audit trail) I decided to make a survey about the use of audit trail “in the wild”. I haven’t written in details aboutContinue reading
User Authentication Best Practices Checklist
User authentication is the functionality that every web application shared. We should have perfected that a long time ago, having implemented it so many times. And yet there are soContinue reading
Tracking Cookies and GDPR
GDPR is the new data protection regulation, as you probably already know. I’ve given a detailed practical advice for what it means for developers (and product owners). However, there’s oneContinue reading
Setting Up Cassandra With Priam
I’ve previously explained how to setup Cassandra in AWS. The described setup works, but in some cases it may not be sufficient. E.g. it doesn’t give you an easy wayContinue reading
Using JWT For Sessions
The topic has been discussed many times, on hacker news, reddit, blogs. And the consensus is – DON’T USE JWT (for user sessions). And I largely agree with the criticismContinue reading
Adding Visible Electronic Signatures To PDFs
I’m aware this is going to be a very niche topic. Electronically signing PDFs is far from a mainstream usecase. However, I’ll write it for two reasons – first, IContinue reading