Today I'm going to show you how to use the Zed Attack Proxy [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project] (ZAP) to debug and test the security of web applications. ZAP is an intercepting proxy that serves as a great tool for security beginners and veterans…
I've been using Linux for some time now, and I've always been partial to dark themes. They're easy on the eyes, especially when you spend most of your day working on a computer. The trouble is, Firefox doesn't play very nicely with these themes. It seems like it tries to…
Recently, I've been working with a new framework called Hapi [http://hapijs.com] to build an API for Webmaker [http://github.com/mozilla/api.webmaker.org]. This is a bit of a departure from the past, where we traditionally would have used Express to build the our server applications. The…
In my previous post [https://chrisdecairos.ca/one-time-passwords], I wrote about the new login system we're working on for Webmaker. In short, the new system facilitates the authentication of a user by generating a one time use password and sending it to the user's email account. The user can then…
Webmaker [https://webmaker.org] users currently sign in to their accounts using Persona [https://persona.org], Mozilla's privacy respecting authentication system. It's fairly simple, and has worked really well since our rewrite this past march [https://chrisdecairos.ca/webmaker-sso]. You can read the details of the implementation in the blog…
Webmaker is a very large project, with dozens of parts that all come together at https://webmaker.org. One of the hardest things for new contributors is getting everything set up properly. This problem multiplies ten-fold when the desired platform of the developer is Windows. Recently, I put together a…