Articles
I’ve written several technical articles since 1997 for various blogs, websites, and magazines, both in English and in Italian. Here you can find a list of the most recent ones:
Duck Intelligence
Do machines understand? A brief philosophical-linguistic dissertation on the understanding capacity of AI systems, such as LLMs.
2026-02-06 
Why Broken Access Control Still Dominates the OWASP Top 10 in 2026?
Let's explore why Broken Access Control continues to rank highest on the OWASP list of security risks in web applications and APIs after several years.
2026-01-22
Pythagoras the Digitizer
How are Pythagoras, the digital world, and quantum physics connected? A subtle thread links them through their similar worldview.
2026-01-02
Auth0 My Account API: Let Users Manage Their Own Account
Learn how the Auth0 My Account API securely enables client-side, self-service user management, eliminating the need for server-side proxies for features like passkey enrollment and account linking.
2025-12-18
FAPI for Developers: Here Is Your Guide
Introducing a new ebook to explain why FAPI is essential for regulated industries, and how to move beyond OAuth bearer tokens for top identity security.
2025-12-16
Demystifying OAuth Security: State vs. Nonce vs. PKCE
Learn the critical differences between OAuth State, Nonce, and PKCE. Discover how these parameters prevent CSRF, replay attacks, and code interception.
2025-11-27
.NET 10: What’s New for Authentication and Authorization
Dive into the latest .NET 10 updates for authentication and authorization, and important breaking changes for .NET developers.
2025-11-10
The Three Laws of AI Security
What principles guide AI security? We adapt Asimov's Three Laws for modern AI agents to solve core LLM security challenges, from data control to tool access.
2025-11-07
Is Policy-Based Access Control (PBAC) an Authorization Model?
What is the difference between RBAC, ABAC, ReBAC, and PBAC? Is PBAC an authorization model or just a way to implement authorization models?
2025-10-28