Research Notes
Credential Boundary Drift Across Cross-Origin Redirects
How partial redirect protections can preserve custom authentication headers across origin changes
Featured
A research note examining custom credential-bearing headers, redirect trust boundaries, and partial stripping behavior in HTTP clients.
Category: HTTP Client Security
Ecosystem: JavaScript / HTTP Clients
Difficulty: Advanced
FikreSekhel Research
14 min read
Jun 01, 2026
Research Notes
Promise Resolution as a Sandbox Boundary
A vm2 case study in asynchronous host-to-sandbox boundary mediation failure
Featured
A research note examining Promise resolution as a security-sensitive cross-realm boundary in JavaScript sandbox architectures.
Category: Sandbox Isolation Security
Ecosystem: JavaScript / VM Isolation
Difficulty: Research
FikreSekhel Research
18 min read
Jun 01, 2026
Research Notes
Recursive Descriptor Expansion as an Availability Primitive
How unbounded structural recursion transforms schema loading into denial-of-service surface
Featured
A research note examining recursion depth exhaustion in descriptor expansion pipelines.
Category: Parser Availability Security
Ecosystem: JavaScript / Protocol Buffers
Difficulty: Research
FikreSekhel Research
15 min read
Jun 01, 2026
Research Notes
Verified Reference vs Application-Consumed Data Confusion
When cryptographic verification succeeds but application logic consumes unsigned XML nodes
Featured
A research note examining the security gap between XML Signature reference validation and application-level data extraction.
Category: Cryptographic Trust Boundaries
Ecosystem: XML Security
Difficulty: Research
FikreSekhel Research
20 min read
Jun 01, 2026