Mike Samuel mikesamuel

@mikesamuel
mikesamuel / api.md
Last active October 30, 2017 16:20
API for building URL classifiers

URL Classifier Builder

This is now implemented: https://github.com/OWASP/url-classifier

Problem

Matching URLs with regular expressions is hard. Even experienced programmers who are familiar with the URL spec produce code like /http:\/\/example.com/ which spuriously matches unintended URLs like

@mikesamuel
mikesamuel / hello_world.md
Created August 22, 2017 22:18
Hello, World!

Hello, World!

@mikesamuel
mikesamuel / header-safe-defaults.md
Last active June 19, 2021 04:08
Golang header safe defaults library proposal
@mikesamuel
mikesamuel / auto-noncing-design.md
Last active August 12, 2022 15:09
CSP Auto-noncing in Go html/template

Auto-noncing in Go html/template

Background

CSP mitigates many client-side security vulnerabilities. A policy is a whitelist of locations from which JavaScript, Styles, and other content can be loaded. CSP allows nonces & hashes to make it easy for a policy to allow some inline content without allowing all inline content.