
Before Your Code Runs: Node.js

This post is part of the Before Your Code Runs series, cataloguing the hidden, implicit code execution surfaces in programming language runtimes and toolchains. Node.js and npm sit underneath a huge chunk of the modern web. It’s the runtime that made JavaScript a “real” backend language, and npm is the largest package registry in the world. That’s a lot of trust in a lot of code. Here’s roughly what happens when Node starts:...

March 29, 2026 · 20 min · Kumar Ashwin

Before Your Code Runs: Python

This post is part of the Before Your Code Runs series, cataloguing the hidden, implicit code execution surfaces in programming language runtimes and toolchains. Python is probably the most beloved language in the world right now. It’s everywhere: data science, web backends, DevOps glue, AI/ML pipelines, you name it. And because it’s everywhere, attackers love it too. The thing is, most Python developers think execution starts when you type python app....

March 29, 2026 · 10 min · Kumar Ashwin

YubiKey OTP Best Practices

If you use a YubiKey for one-time passwords (OTP), you’ve probably done it at least once: you meant to type something, touched the key, and a long modhex string landed in Slack, a commit message, or an email. Annoying for everyone, and worse, it’s a real security risk. This post pulls together practical ways to reduce accidental triggers and what to do when a code gets out, plus how YubiOTP compares to TOTP so you can use both wisely....

March 15, 2026 · 7 min · Kumar Ashwin

Blockchain Architecture: Layers

In the last two blogs, we looked at the pieces that make a blockchain work and how the network agrees on what is true. Here, we will look at how all those pieces sit together as layers, how blockchains are structured, and how Layer 1 and Layer 2 actually differ in practice. Once we know what each layer is responsible for, concepts like rollups, sequencers, proofs and scaling start making sense....

December 29, 2025 · 13 min · Kumar Ashwin

Kubernetes Concept

I have long wanted to learn about Kubernetes (k8s) and create this blog series. Here we are, finally started (thanks to the null cloud security study group), so without wasting too much time let’s get started. I am learning this with a security mindset, to find common misconfigurations and understand the development process to understand the mitigation. K8s is a container orchestrator. Before diving too deep, let’s see what orchestrators/orchestrations are....

January 17, 2022 · 5 min · Kumar Ashwin