CSRF When You Least Expect It.
Fun with Cross-Site Request Forgery (CSRF) in a creative Web Timing Attack scenario, highlighting the risks inherent to SameSite=None session cookies. Read more.
The second presentation I gave at Dashlane, in March 2021. A short introduction to Cross-Origin Resource Sharing (CORS), covering Origin, Same-Origin Policy, Cross-Site Request Forgery (CSRF), and a CORS twist with a Chrome Web Extension. Read more.
The first presentation I gave at Dashlane, in December 2020. A short introduction covering key differences between controlled & uncontrolled inputs, with examples & explanations. Read more.
On my last day at Gandi, I published an article reflecting on the relationship between Gandi and JavaScript. Read more.
Say one has a list of things, and for each of these things, one needs to perform an asynchronous operation that returns a Promise. How does one limit the number of asynchronous operations being performed concurrently? Without third-party dependencies and in just a few lines of code? Read more.
See all posts.
Every post is tagged according to the topic it relates to:
This blog was made with Eleventy and is an absolute rip-off of eleventy-base-blog.
View the code on GitHub or read more about how it was set up.