Engineering & Securityhttps://guisso.dev/en/en-US/en/https://guisso.dev/en/blog/phone-phreaking/https://guisso.dev/en/blog/phone-phreaking/Before the internet, a giant network already connected the world. From the 2600 Hz whistle to SS7 attacks and rogue cell sites in São Paulo apartments: the technical manual of phreaking, from classic to modern.Sat, 02 May 2026 13:00:00 GMTHistoryHackingTelecomhttps://guisso.dev/en/blog/cve-2024-29041-browser-parsers/https://guisso.dev/en/blog/cve-2024-29041-browser-parsers/Digging into the Chromium and Firefox source code to understand why the payload navigates to the malicious host on Safari but not on other browsers.Mon, 02 Mar 2026 13:00:00 GMTCVEExpress.jsAppSecSecurityBrowserNode.jshttps://guisso.dev/en/blog/cve-2024-29041-express-open-redirect/https://guisso.dev/en/blog/cve-2024-29041-express-open-redirect/How a backslash in a URL bypasses allowlists and fools the browser. A full breakdown of CVE-2024-29041 in Express.js with an interactive demo.Thu, 26 Feb 2026 13:00:00 GMTCVEExpress.jsAppSecSecurityNode.jshttps://guisso.dev/en/blog/owasp-top10-2025-details/https://guisso.dev/en/blog/owasp-top10-2025-details/Top 10:2025 is not just a list. It reflects how misconfigurations, supply chain, exception handling, and operational failures are breaking real businesses.Tue, 10 Feb 2026 15:00:00 GMTowasptop10appsechttps://guisso.dev/en/blog/terminal-cmd-k/https://guisso.dev/en/blog/terminal-cmd-k/How to bring Cursor-style Cmd+K to any shell using an AI CLI as a suggester only.Thu, 18 Dec 2025 21:04:02 GMTaishellzshhttps://guisso.dev/en/blog/tianji-2025/https://guisso.dev/en/blog/tianji-2025/What I learned from self-hosting Tianji: PV/UV without cookies, campaigns, and reliability lessons.Sat, 06 Dec 2025 12:00:00 GMTanalyticsprivacyself-hostedhttps://guisso.dev/en/blog/explorable-explanations-infoviz/https://guisso.dev/en/blog/explorable-explanations-infoviz/A curated list of interactive articles with animations, simulations, and visualizations that make complex topics visual, intuitive, and even fun to learn.Sat, 01 Nov 2025 13:00:00 GMTInfoVizDataVizExplorable ExplanationsEducationInteractivityhttps://guisso.dev/en/blog/secure-review-cursor-rules/https://guisso.dev/en/blog/secure-review-cursor-rules/How to use Cursor Rules and checklists adapted to the project context to optimize security reviews in modern applications.Tue, 26 Aug 2025 00:00:00 GMTsecuritycode-review"cursorappsechttps://guisso.dev/en/blog/top-5-rust/https://guisso.dev/en/blog/top-5-rust/Summary of the 5 most common vulnerabilities in Rust applications, generated with AI support and based on RustSec data.Tue, 10 Jun 2025 00:00:00 GMTrustsecuritydevsecopsappsechttps://guisso.dev/en/blog/git-config-core-devs/https://guisso.dev/en/blog/git-config-core-devs/How core Git developers configure their defaults.Wed, 26 Feb 2025 13:42:45 GMTgitdevtoolshttps://guisso.dev/en/blog/avante-nvim-op/https://guisso.dev/en/blog/avante-nvim-op/Integrating Avante.nvim with 1Password.Tue, 18 Feb 2025 13:42:45 GMTvim1passwordaihttps://guisso.dev/en/blog/appsec-kpi/https://guisso.dev/en/blog/appsec-kpi/I share here my experiences and learnings about creating KPIs for application security, without magic formulas, but with practical insights that can help other professionals in the field.Thu, 30 Jan 2025 00:00:00 GMTsecurityKPIappsechttps://guisso.dev/en/blog/sec-dev-book/https://guisso.dev/en/blog/sec-dev-book/In 2020, I started developing a book about security for developers, inspired by other authors and aiming to help the community naturally incorporate security into the daily development workflow.Sun, 24 Nov 2024 13:44:55 GMTsecuritybookdevsecappsechttps://guisso.dev/en/blog/ebpf-and-security/https://guisso.dev/en/blog/ebpf-and-security/In this post, we’ll explore what eBPF is, why it’s ideal for Kubernetes clusters, and how it powers security and observability tools in DevOps.Fri, 08 Nov 2024 17:12:56 GMTebpfsecuritydevsecopsk8skuberneteshttps://guisso.dev/en/blog/threat-modeling-intro/https://guisso.dev/en/blog/threat-modeling-intro/How to engage the team, map critical assets, and ship controls quickly with Threat Modeling Express.Sat, 28 Sep 2024 10:29:47 GMTThreat ModelingSecurityDevSecOpshttps://guisso.dev/en/blog/x-forwarded-for/https://guisso.dev/en/blog/x-forwarded-for/One of the technologies revolutionizing various markets that you need to know.Mon, 02 Sep 2024 13:44:55 GMTreverse proxyX-Forwarded-ForX-Real-IPNGINXApacheKongApigeemisconfigurationhttps://guisso.dev/en/blog/proxmox-debian-day/https://guisso.dev/en/blog/proxmox-debian-day/How I Transformed a Mini PC into a Respectable ServerSat, 17 Aug 2024 13:42:45 GMTproxmoxdebianadguardtailscalehomelabhttps://guisso.dev/en/blog/python-injection/https://guisso.dev/en/blog/python-injection/Demonstration of a Telegram bot made in Python with injection vulnerabilitySat, 23 Mar 2024 13:42:45 GMTowaspappsecpythoninjectionenhttps://guisso.dev/en/blog/devsec-links-2/https://guisso.dev/en/blog/devsec-links-2/Interesting links on the topic of secure development.Fri, 01 Dec 2023 12:45:33 GMTDevSecAppSecLinkssecretsci/cdchatgptcopilothttps://guisso.dev/en/blog/devsec-links-10/https://guisso.dev/en/blog/devsec-links-10/Interesting links on the topic of secure development.Wed, 01 Nov 2023 12:45:33 GMTDevSecAppSecLinksoauthpostmanoktagithttps://guisso.dev/en/blog/devsec-links-9/https://guisso.dev/en/blog/devsec-links-9/Interesting links on the topic of secure development.Sun, 01 Oct 2023 12:45:33 GMTDevSecAppSecLinkspypinpmopenapiapiimdshttps://guisso.dev/en/blog/devsec-links-8/https://guisso.dev/en/blog/devsec-links-8/Interesting links on the topic of secure development.Fri, 01 Sep 2023 12:45:33 GMTDevSecAppSecLinksgcpdefconci/cdsecretshttps://guisso.dev/en/blog/devsec-links-7/https://guisso.dev/en/blog/devsec-links-7/Interesting links on the topic of secure development.Tue, 01 Aug 2023 12:45:33 GMTDevSecAppSecLinksslsacsrfcorsapicsphttps://guisso.dev/en/blog/devsec-links-6/https://guisso.dev/en/blog/devsec-links-6/Interesting links on the topic of secure development.Sat, 01 Jul 2023 12:45:33 GMTDevSecAppSecLinksslsasupply chainapiauthterraformhttps://guisso.dev/en/blog/devsec-links-5/https://guisso.dev/en/blog/devsec-links-5/Interesting links on the topic of secure development.Thu, 01 Jun 2023 12:45:33 GMTDevSecAppSecLinkskeycloakgcps3redosransomwarehttps://guisso.dev/en/blog/devsec-links-4/https://guisso.dev/en/blog/devsec-links-4/Interesting links on the topic of secure development.Mon, 01 May 2023 12:45:33 GMTDevSecAppSecLinksgolangoidclambdaredoshttps://guisso.dev/en/blog/devsec-links-3/https://guisso.dev/en/blog/devsec-links-3/Interesting links on the topic of secure development.Sat, 01 Apr 2023 12:45:33 GMTDevSecAppSecLinksoauthoidcpasswordlessiamterraformhttps://guisso.dev/en/blog/devsec-links-1/https://guisso.dev/en/blog/devsec-links-1/Interesting links on the topic of secure development.Wed, 01 Mar 2023 12:45:33 GMTDevSecAppSecLinkschatgptapicorstlsgitsecretshttps://guisso.dev/en/blog/github-actions-recon/https://guisso.dev/en/blog/github-actions-recon/Demonstration of how to use Github Actions to automate a ReconWed, 16 Mar 2022 03:00:46 GMTowaspappsecreconenamassnaabunucleihttps://guisso.dev/en/blog/hacktoberfest-owasp/https://guisso.dev/en/blog/hacktoberfest-owasp/Quick guide to contribute to OWASP projects during Hacktoberfest and secure your PRs.Sat, 05 Oct 2019 14:26:27 GMTowaspappsechacktoberfesthttps://guisso.dev/en/blog/conhecendo-a-owasp/https://guisso.dev/en/blog/conhecendo-a-owasp/A brief introduction to OWASP and its projectsWed, 20 Mar 2019 23:42:45 GMTowaspappsecenhttps://guisso.dev/en/blog/escrevendo-artigos-e-palestras/https://guisso.dev/en/blog/escrevendo-artigos-e-palestras/Tips on structuring talks and turning them into articles.Fri, 22 Feb 2019 23:42:45 GMTstorytellingcommunicationcareerhttps://guisso.dev/en/blog/desvendando-o-blockchain/https://guisso.dev/en/blog/desvendando-o-blockchain/One of the technologies revolutionizing various markets that you need to know.Sat, 01 Sep 2018 23:42:45 GMTblockchainbitcoin