Basic Auth: Authentication or Authorization?

What is Auth? The word “auth” in a computer security context can refer to authentication and authorization. These two words’ meanings are sometimes confused with each other. The detailed explanation for...

Social Responsibility of Tech Companies

Tech is becoming even more mainstream, and everybody’s dreaming of their own successful tech startups. In Indonesia alone, a few startups have gained their position and matured into the next...

Attending Black Hat Asia 2017

As in the previous years, this year’s Black Hat Asia event is held at Marina Bay Sands in Singapore. But unlike the previous years, this time I actually got the...

Indonesian Startup Cyber Crime 2016

Intro: At the time of writing, I’ve been a security engineer at Bukalapak for seven months. Before that, I was a software engineer and handled their application security stuff....

Tokopedia Persisted XSS Vulnerability

This is documentation of a persisted XSS vulnerability in Tokopedia, an Indonesian e-commerce startup. Timeline December 12, 2016: A report is made to Tokopedia regarding the vulnerability in the...