application security

XSS – Cross-Site Scripting

Posted on 2025-09-112025-07-07 by tmack

In the realm of cybersecurity, understanding different types of vulnerabilities is crucial for protecting web applications and user data. One of the most common and dangerous vulnerabilities is Cross-Site Scripting (XSS). This article will explain what XSS is, how it works, and why it poses a significant threat to web security. What is XSS? Cross-Site Read More …

CSP – Content Security Policy

Posted on 2025-09-042025-07-07 by tmack

In the realm of web security, protecting websites from various types of attacks is crucial. One tool for enhancing web security is the Content Security Policy (CSP). This article will explain what CSP is, how it works, and why it is important for securing web applications. What is CSP? Content Security Policy (CSP) is a Read More …

DOM – Document Object Model

Posted on 2025-08-282025-07-07 by tmack

One of the key concepts for how web pages are structured is the Document Object Model (DOM). This article will explain what the DOM is, how it works, and its significance. What is the DOM? The Document Object Model (DOM) is a programming interface that browsers use to represent and interact with HTML and XML Read More …

Kubernetes Ingress Controller’s fake certificate

Posted on 2025-07-252025-06-19 by tmack

A Kubernetes Ingress Controller’s fake certificate is a security issue because it’s a self-signed certificate, which is not trusted by web browsers or other clients. This means that users will encounter certificate warnings or errors when trying to access your application, and the Ingress Controller is not providing secure communication. Here’s why it’s a problem: Not Trusted: Read More …

ENIAD – Endpoint, Network, Identity, Application, Data

Posted on 2025-07-242025-07-07 by tmack

Overview of ENIAD The ENIAD framework provides a comprehensive approach to cybersecurity by focusing on five critical areas that organizations must protect to ensure a robust security posture. Each component addresses specific aspects of security, enabling organizations to detect, respond to, and mitigate threats effectively. 1. Endpoint Endpoints refer to devices that connect to the Read More …

Notes on “Paved Road”

Posted on 2024-09-012024-08-27 by tmack

Lessons from Securing Internal Applications WebappSec Link Building a Security Platform Engineering Team “”” I’m a big fan of building security into existing processes, a term coined as “secure paved roads” by Jason Chan, Ex-Netflix CISO. The idea behind this is that security should mostly be invisible. The average employee should simply not have to Read More …