Security
Application security, authentication systems, binary exploitation, and CTF research by Brahim Boumlik.
- 18 MIN READ
How Attackers Break Software: A Security Research Deep Dive
Understanding how vulnerabilities are exploited is the only reliable way to design software that resists them. This covers the mechanics behind common attack techniques — grounded in real controlled-environment CTF research and what each one teaches about defensive engineering.
- 22 MIN READ
Securing User Sessions: How Modern Authentication Works
Most auth vulnerabilities aren't in the login form — they're in how tokens are issued, stored, and invalidated. This breaks down access/refresh token flows, blacklisting strategies, and the production edge cases that keep user sessions genuinely secure.
- 18 MIN READ
Adding a Second Lock on the Door: Implementing 2FA
Two-factor auth is table stakes for any product handling sensitive data. Here's how we implemented TOTP with QR codes, backup codes, and account recovery — and the encryption decisions that made it production-safe.
- 30 MIN READ
Security from the Attacker's Perspective: Lessons from Vulnerability Research
The best secure code is written by engineers who understand how it breaks. This documents a structured journey through real security research — logical flaws, memory corruption, and exploitation techniques — and the defensive lessons each one surfaced.