Arjen

  • Security software engineer
  • arjen@tweedegolf.com

In 2021, Arjen made the switch to Tweede golf. As an expert in the field of security with a background in pentesting, he mainly focuses on IRMA and other security-related projects. In addition, Arjen wants to broaden his knowledge by gaining experience with, among other things, Rust backends and JavaScript frontend frameworks.

Arjen is a real problem solver. He has solved countless 'Hack The Box' challenges in recent years, and can never resist the yearly Christmas puzzle in the local newspaper.

When he is not at his computer, Arjen likes to do sports (swimming, running, cycling) or do some home improvement.

Information Security MSc, Pentesting, Swimming

Blog posts by Arjen

When conducting a penetration test (also known as a hack test) on a website, one of the first things that will catch my eye is the configured (or better, not-configured) security headers on the targeted website. Security headers are a defense-in-depth measure, in the form of response headers, that let the browser know what is allowed and what is not. Browsers will respect the rules defined by these headers and thereby protect visitors from client-side attacks and potentially leaking sensitive information.

When you enabled Google Analytics (GA) on your website maybe you thought "I don't really have another viable option". Or maybe you thought "the negative effect on my visitors isn't that bad, is it?" Both are relatable, but recently Data Protection Authorities have put GA under a microscope and concluded it actually is pretty bad. Some things in GA violate the GDPR. Apart from the question of whether it is legal or not, the fact that your visitors are tracked across the internet - we feel - is just awful. And, as it turns out, you do have options.

Sending documents over the internet can be a pain. Email providers generally support attachments with a maximum size between 10 and 50 MB; for larger files one would need to find another way. Most people would probably use one of the many public cloud or file sender solutions. But what if the files to be sent contain personal information, medical information or are private family photos? And how do you know that only the recipient can access and download these files?