Category: Writing Patches

  • Patching add-comments

    Never assume, always confirm. The most prevalent security bug in web applications is the venerable XSS. Bug bounty hunters can spot them a mile away and they carry a hefty impact, so they should not be ignored. Many developers assume someone else will handle protection against XSS for them, and kindly wake up to a […]

  • Patching webmaster-tools-verification

    APIs are one of the best features of web applications. I see API accessibility empowering the web as a back-end tool for many applications, and this makes web application security forever relevant, because insecure API endpoints make for insecure applications. The webmaster-tools-verification plugin included a useful feature for users: cleaning up after itself if disabled. […]

  • Patching wsm-downloader

    Remember never to trust user inputs. It’s a common mistake: when writing a web application, you are focused on building and making the application work. So, you input the values you expect. “What could go wrong?” doesn’t cross your mind; you are focused on building. With the wsm-downloader plugin, the developer added a feature to […]

  • Patching thecartpress

    This was the first plugin I wrote an unsolicited patch for. The bug was bad news. That's why it caught my attention. But I was too late. This e-commerce plugin had a handy feature: users could create an account upon checkout. Most shopping carts do this; it is a convenient feature I know I have used […]

  • Open Source Psychopomping.

    I have become a psychopomp, or at least I act as one for open source projects. Psychopomps are personifications created by people to help them come to terms with a difficult truth. Death: the Grim Reaper, Charon the ferryman, Yama, 黑白無常, Guede Nibo, Xolotl are examples. Religions and/or folk tales use these characters to tackle […]