A digital gallery exploring security design through intentionally flawed but fully functional web applications. Each installation embodies a specific security anti-pattern, pushed to an absurd but internally consistent extreme.
AuthENDication
A working authentication system where every password's lifespan is set to 1% of its estimated crack time. Weak passwords die in seconds; strong ones outlive your employment. A meditation on the theater of mandatory rotation and the 90-day ritual no math supports.
logbearer
A notes app where every action you take is appended to your JWT until the token outgrows HTTP header limits and the session dies under its own weight. A meditation on audit fatigue, the illusion of token secrecy, and the modern compulsion to log everything.
DOMbase
A working cyber risk assessment platform with no database — every record sits in localStorage, the admin panel is unguarded, and shareable URLs carry the full payload in plain text. A security tool that would fail every category it measures.