RSS.Social

Sjoerd Langkemper

Posts

Unicode and endianness

CVE-2025-25200: this Koa ReDoS is not a serious vulnerability

Resetting any user's password in Open Web Analytics with a single request

Encrypting identifiers in practice

More links

Avoid hotlinking images with Cross-Origin-Resource-Policy

Amplification for compression attacks

If you don't want to solve a captcha, simply don't request one

Removing and encoding null bytes to exploit unserialize over SOAP

Parsing untrusted JSON in Python is not a security problem