Musings of the Tes Engineering Team
15 December, 2020
Did you know that the HTTP Strict Transport Security (HSTS) policy enabled a form of supercookie? I didn't, until recently. So I decided to dig into it a bit more to really understand what's what.
HSTS - security vs privacy
HSTS was invented to protect users against downgrade hacking attacks like SSL stripping. It's meant to help keep users safe. However, an unintended side-effect is that it can…
07 December, 2020
I recently completed the JavaScript Security: Best Practices course by Marcin Hoppe and wanted to share some key practical takeaways I learnt on how to write more secure JavaScript. As well as reading this blog, I'd also highly recommend completing the course. It's short and sweet and hands-on!
JavaScript Threat Environments
It's worth noting that there are two different threat environments…
30 November, 2020
Inspirations
I joined Tes in October as Principal Engineer. In the same week I joined, my new team gained another new member. Some introductory meeting with our new team was expected sooner rather than later. Fortunately, a useful idea for how we approach this popped up in one of the company's Slack channels, where Dan Abel mentioned an article about building empathy in teams by Emily Webber…
23 November, 2020
Here is a short recap of some fundamentals of using asynchronous JavaScript with some practical examples.
Why do I need to use asynchronous code again?
JavaScript by its nature is synchronous. Each line is executed in the order it appears in the code. It's also single-threaded: it can only execute one command at a time. If we have an operation that takes some time to complete, we are effectively…