My writings online

- Protecting Single Page Applications from Web Skimming on Amazon CloudFront

PCI DSS V4 has new requirements to prevent web skimming on payment pages. Here is how I am tackling that requirement with content security policies and subresource integrity.

- Anxiety-Driven Development

Software releases can be fast, predictable, and high quality when engineered with anxiety and empathy. This approach works well for individuals that own the research, development, and release of software.

- Audience Verification

Audience verification is an important check to prevent tokens intended for other services being used against yours. I fixed a vulnerability with Facebook tokens.

- Erik Paul Nielsen - July 13, 1978 - June 22, 2023

Erik Paul Nielsen has passed. He supported and influenced me professionally.

- Experimental WebAuthn PRF Extension Demonstration

A new experimental WebAuthn extension enables web technologies to offload key material sourcing and storage to affordable security keys. Inside is a demonstration of the draft WebAuthn PRF extension.

- Converting Fonts to WOFF2 for the web

A quick note to self: How to convert TTF fonts to WOFF2 with specific unicode ranges

- New Personal Blog

Starting up a new blog! I might have a few interactive experiments here and there. To start, here's some JS that generates a copyable password! Also, it turns out CSP can't stop browser extensions. Be warned.

I have a basic RSS Feed if you wish to subscribe.