About
Hi, I'm Fernando Guisso.
I'm a Security Software Engineer at willbank where I lead the AppSec practice and its internal authentication platform.
I build solutions that make security a natural part of the developer workflow—helping engineers ship safely without losing speed. The best security is the one that ships with the code.
In my spare time I obsess over my home lab: explore experiments tagged home-lab or dive into the gritty details on my wiki.
featured projects
Projects I'm building right now
- Project: sfer.nvim
  Lightweight Neovim plugin that displays SARIF files, perfect for CodeQL runs and my daily AppSec tooling.
- Project: Dojo Shield
  Hands-on exercise to train secure development through guided missions with real-time feedback.
- Project: Home Lab
  My home infrastructure running AppSec pipelines, ZFS storage, Kubernetes, and automations. Full notes live on the wiki.
new articles
Here's what I'm writing lately
- CVE-2024-29041 only works on Safari?
  Digging into the Chromium and Firefox source code to understand why the payload navigates to the malicious host on Safari but not on other browsers.
  805 words · 4 min
- Express.js Open Redirect
  How a backslash in a URL bypasses allowlists and fools the browser. A full breakdown of CVE-2024-29041 in Express.js with an interactive demo.
  3,134 words · 16 min
- OWASP Top 10 Update
  Top 10:2025 is not just a list. It reflects how misconfigurations, supply chain, exception handling, and operational failures are breaking real businesses.
  1,896 words · 9 min