Julien is a freelance software developer, security researcher, and Golang trainer. From the comfort of the French countryside, he works mostly remotely with clients all over the world. When he's not writing code or hunting for bugs, he enjoys cooking, gardening, and playing and (re-playing) Cuphead.
Management thinks that letting folks from WidgetCo log into widgetco.ourapp.com will really help make the sale. It seems harmless enough. But using a custom subdomain like this can open WidgetCo up to potential security issues. In this article, Julien Cretel introduces us to Subdomain Takeover attacks and discusses ways we can mitigate them.
Links are so fundamental to web development that they're almost invisible. When we link to a third-party page, we hardly ever consider how it could become an opportunity to exploit our users. In this article, Julien Cretel introduces us to three techniques that bad actors can use to target our users and discusses how to avoid them.
Have you ever been neck-deep building a new feature? You're working at capacity. You need to test something out so you paste an API key into your source file with every intention of removing it later. But you forget. You push to GitHub. It's an easy mistake, and potentially a very expensive one. In this article, Julien Cretel explores the nuances of this kind of data leak, offers suggestions for recovery when leaks happen and gives us options for preventing them in the first place.