With AI, technical interviews are becoming harder and harder to trust. Candidates now have access to automated tools designed to help ...
It all started with a CVE. It feels like it always does 😉. CVE-2025-54887 (CVSS 9.1) disclosed a missing GCM authentication ...
Rails is great at making the happy path simple. You need a record, you write Model.find(params[:id]). You need an authorization check, ...
Rails relies on signed sessions to keep track of logged-in users. Since Rails 5.2, those sessions use AES GCM for authenticated ...
When you are doing code review, penetration testing, bug bounty or threat modeling, it is easy to get tunnel vision and ...
When reviewing code, you often uncover problematic patterns or weaknesses. Unfortunately, discovering something concerning doesn't automatically mean you have found an ...