Engineering notes from the trenches.
Reverse-engineering APIs, automation that survives production, security research, and honest takes on the tools I ship with.
JWTs are meant to be opaque to users. They're not. Here's what I learn about your architecture just by decoding one.
After years of poking at APIs that weren't meant to be poked at, these are the auth patterns that break most often — and why.
A practical walkthrough of the methodology I use when there's no documentation: capturing traffic, mapping endpoints, and validating assumptions before writing a single line of automation.
DevTools shows you everything, which is the problem. Here's how I filter signal from noise when reverse-engineering a web application's API.