CTO at data security company. Opinions reflect my current state of mind and nothing else matters. I blog at http://www.ivychapel.ink about information security, risk and other things that amaze me.
- Preventing SQL Injections When WAF’s Not Enough
by ninegunpi on 2/13/19, 3:47 PM, with comments
- Web app data leaks and how to prevent them 101
by ninegunpi on 2/8/19, 10:18 AM, with comments
- On avoiding band-aid security after penetration tests
by ninegunpi on 1/30/19, 2:39 PM, with comments
- Quiche: QUIC implementation in Rust
by ninegunpi on 1/23/19, 10:39 AM, with comments
- Hiring external security team: what you need to know
by ninegunpi on 11/27/18, 3:38 PM, with comments
- Implementing tracing in modern distributed app
by ninegunpi on 11/22/18, 5:49 PM, with comments
- CipherSweet: searchable field-level encryption for PHP
by ninegunpi on 11/21/18, 1:01 PM, with comments
- Analysis of ProtonMail Cryptographic Architecture
by ninegunpi on 11/21/18, 8:46 AM, with comments
- Highlights of French cybersecurity strategy
by ninegunpi on 2/14/18, 3:08 PM, with comments
- Two types of engineering resiliency
by ninegunpi on 2/9/18, 8:13 AM, with comments
- Meltdown, Spectre, and why hardware can be correct yet insecure
by ninegunpi on 1/18/18, 3:18 PM, with comments
- SecureRandom is now secure in Ruby
by ninegunpi on 12/25/17, 4:38 PM, with comments
- Hermes distributed access control scheme
by ninegunpi on 12/13/17, 6:28 PM, with comments
- Disco – mixing Strobe and Noise protocol frameworks
by ninegunpi on 12/11/17, 1:13 PM, with comments
- Analysis of remote DoS vulnerability in VirtualBox
by ninegunpi on 11/9/17, 8:06 PM, with comments
- Standardizing Bad Cryptographic Practice [pdf]
by ninegunpi on 11/7/17, 2:49 PM, with comments
- Why TLS 1.3 isn't ready yet
by ninegunpi on 11/1/17, 3:15 PM, with comments
- An incident response blog post containing 0day vuln
by ninegunpi on 10/30/17, 5:15 PM, with comments