
Author
Gloria Garcia
AppSec Engineer
Gloria is an Application Security Engineer with over 8 years of experience securing production web applications and conducting deep-dive codebase audits. A passionate advocate for developer education, she specializes in translating complex security concepts into practical, actionable guides that empower engineering teams to build securely from day one. Gloria is also an active OWASP contributor and a regular speaker at industry conferences.
6 articles by Gloria Garcia
How to Read a QR Code From a Screenshot on Your Laptop Without Using Your Phone
Someone sent you a QR code on Slack or email, but you are on your laptop. Learn how to decode QR code screenshots securely on Mac or Windows without needing your phone.
Security Headers Every Production Website Should Send
Stop failing penetration tests. Use this practical production checklist for HTTP security headers, including HSTS, CSP, nosniff, Referrer-Policy, and what old headers you should remove.
What Is Quishing? How to Inspect QR Codes Safely Before You Scan
Quishing (QR phishing) hides malicious links inside QR codes. Learn how the attack works, what payloads to watch for, and how to decode QR codes safely before executing them.
What Hidden Metadata Your Photos Reveal — and How to Remove It Safely
Every photo you take can contain hidden EXIF metadata, including GPS coordinates, timestamps, and device details. Learn how to inspect and strip image metadata safely in your browser.
Password vs. Passphrase: Which Is Better for Real-World Security?
Still using short, complex passwords with special characters? Learn why modern password guidance favors length, when passphrases make sense, and how to generate strong credentials safely.
Content Security Policy (CSP) for React and Next.js: The 2026 Implementation Guide
Whitelisting is dead. Learn how to implement a strict nonce-based Content Security Policy in Next.js and React without breaking hydration or third-party scripts.
Want to audit your own project?
The same expertise behind these articles powers CodeAva's audit engine.