Vickie Li

Vickie Li is a professional investigator of nerdy stuff, with a primary focus on web security. She began her career as a web developer and fell in love with security in the process. Now, she spends her days hunting for vulnerabilities, writing, and blogging about her adventures hacking the web.

All Posts by Vickie Li

An Overview of Best Practices for Security Headers

Many decisions go into the process of creating a secure website. One of these decisions is selecting which HTTP security headers to implement. Today, we’ll dive into the most important HTTP security headers and the best practices that will strengthen your website’s security. The...


Building a GitHub Secrets Scanner

GitHub reconnaissance is a tactic that attackers use to gather information about their targets. Attackers analyze organizations’ GitHub repositories and check for sensitive data that has been accidentally committed or information that could lead to the discovery of a vulnerability. For this tutorial, let’s build a scanner that automates the GitHub recon process! We will be scanning your GitHub repositories using the method mentioned in the “Tightening Up Your GitHub Security” post. You will be...


Grep for System Admins: Using Grep to Automate Daily Tasks

If you work with computers as a programmer or system administrator, you probably spend a lot of time staring into the command-line interface! And if you’re used to the command line, you have probably come across the grep command. So what exactly is grep? And how do I use it, and use it better? In this post, we’ll cover some of the most useful grep options and techniques to...
