The Secure Cookie

🍪#7 A Developer-Friendly Approach to Security in CI/CD Pipelines
Illustrating secure delivery workflows with minimal friction for developers.
Nov 18 • Ferran

October 2025

🍪#6 From Dev to Prod and How Runtime Environments Shape the SDLC
Clarifying the differences between Development, Test, Staging, and Production environments.
Oct 28 • Ferran
🍪#5 The Final Step to Secure File Uploads
Managing file size, storage, and permissions to build resilient and secure upload features.
Oct 16 • Ferran
Your Company Needs More (Good) Digital Nomads
Why letting your team work from paradise might be smarter than you think.
Oct 9 • Ferran
🍪#4 Turning WAFs into a VirusTotal-like Platform for File Content Validation
As a security engineer, working with low-budget projects has sometimes driven my growth.
Oct 2 • Ferran

September 2025

🍪#3 Why File Type Validation is Always an Untrusted Check
Attackers turn file type validation into an easy bypass.
Sep 25 • Ferran
🍪#2 How To Sanitize A Filename
A developer's guide to practical defenses against unsafe file names in file upload features.
Sep 18 • Ferran
🍪#1 The Dangers of Insecure File Uploads
From RCE to data leaks—the risks behind insecure file handling.
Sep 9 • Ferran
Hello from The Secure Cookie
An introduction to me and to this newsletter. And why secure coding is more than just following AI hints.
Sep 5 • Ferran