USB HID Attacks: Architecture and Educational Lab Study

Introduction

USB Human Interface Devices (HID), such as keyboards and mice, are implicitly trusted by modern operating systems. This trust model enables seamless user interaction but also introduces a critical attack surface when abused. This post documents an educational laboratory project based on a Raspberry Pi Pico, designed to study USB HID-based attack techniques in a controlled, ethical environment. Rather than focusing on real-world exploitation, the goal is to understand the underlying mechanics, trust assumptions, and architectural decisions that make this attack vector possible. ...

December 20, 2025 · 3 min

Web Application Security Foundations

Intro

Web applications are interactive applications that run inside web browsers and typically follow a client-server architecture. In this model, the client (browser) is responsible for rendering the interface and interacting with the user, while the server handles application logic, data processing, and persistence. This separation enables scalability, flexibility, and centralized control, but also introduces a wide attack surface that must be properly understood from a security perspective. From a security engineering point of view, this separation of responsibilities is critical. Any data crossing the boundary between client and server must be considered untrusted by default, regardless of client-side validation. Attackers can fully control browsers, manipulate requests, and bypass front-end restrictions, which is why secure design always assumes a hostile client environment. ...

December 23, 2025 · 8 min