Web Locks API
(mozilla.org)
The Web Locks API allows scripts running in one tab or worker to asynchronously acquire a lock, hold it while work is performed, then release it. While held, no other script executing in the same origin can acquire the same lock, which allows a web app running in multiple tabs or workers to coordinate work and the use of resources.
Ancient Monkey: Pwning a 17-Year-Old Version of SpiderMonkey
(pspaul.de)
Last year, @swapgs and I found a fun bug in the popular enterprise VPN solution Zscaler.
New passkey specifications will let users import and export them
(9to5mac.com)
Passkeys were introduced two years ago, and they replace traditional passwords with more secure authentication using a security key or biometrics. To make the technology even better, the FIDO Alliance published on Monday new specifications for passkeys, which ensure a way to let users import and export them.
Coming soon: Securely import and export passkeys
(1password.com)
Passkeys are superior to passwords in almost every way. They’re simpler to use because there’s nothing to memorize, type out, or paste in. They’re also always strong and come with multi-factor authentication built right in. In short, passkeys are awesome.
CS 253 Web Security
(web.stanford.edu)
This course is a comprehensive overview of web security. The goal is to build an understanding of the most common web attacks and their countermeasures. Given the pervasive insecurity of the modern web landscape, there is a pressing need for programmers and system designers to improve their understanding of web security issues.
How to Hack the Breakthrough Prize (Ft. Session Confusion)
(varun.ch)
In 2023, I discovered a critical vulnerability in the Breakthrough Challenge website. After over one year since it was patched, I am disclosing the bug for the sake of transparency. I believe this class of vulnerability, which I am introducing as 'Session Confusion', is often overlooked.
htmx Web Security Basics
(htmx.org)
As htmx has gotten more popular, it’s reached communities who have never written server-generated HTML before.