Hammad Khan

@hammadxcm

Website

Software Engineer | Open Source Contributor

LahoreJoined April 2026

About

An engineer with over 8+years of experience in crafting applications.

Available for

Freelance work, Open Source Contributions, Technical Reviews and System Design

Hammad Khan's blogs

HKhammad-khan.hashnode.dev5 posts

Articles Comments

Recently published

HKHammad Khanhammad-khan.hashnode.devJun 10 · 9 min read

Building a Chrome Extension That Bridges Three SaaS Tools

Building a Chrome Extension That Bridges Three SaaS Tools Chrome extensions live in a strange place. They're not quite apps. They're not quite scripts. They run in a browser context, talk to a backend

0

HKHammad Khanhammad-khan.hashnode.devMay 23 · 10 min read

From Singleton AuditService to Event-Driven AuditModule: A Decoupling Story

From Singleton AuditService to Event-Driven AuditModule: A Decoupling Story Every codebase I've worked on for more than six months has an AuditTrailService somewhere. It starts life as a helpful singl

0

HKHammad Khanhammad-khan.hashnode.devMay 22 · 10 min read

CSRF Double-Submit Cookies: The Underrated Defense for Same-Origin SaaS

The first time a pen tester filed a CSRF finding against a portal I owned, my reaction was the same as everyone else's: "We're SameSite=Lax. Aren't we fine?" We weren't fine. And the fix wasn't the fr

0

HKHammad Khanhammad-khan.hashnode.devMay 16 · 8 min read

CSP Headers in Practice: Lessons From a Real Security Audit Pass

CSP Headers in Practice: Lessons From a Real Security Audit Pass The first time I deployed a strict Content Security Policy in production, the application broke in three places nobody had ever thought

0

HKHammad Khanhammad-khan.hashnode.devMay 13 · 8 min read

HMAC Request Signing for Third-Party Webhook Security

HMAC Request Signing for Third-Party Webhook Security Webhook endpoints are the most under-secured class of route in most codebases. They take requests from the internet, often without a session, ofte

0

Hammad Khan

About

Available for

Hammad Khan's blogs

Recently published

Building a Chrome Extension That Bridges Three SaaS Tools

From Singleton AuditService to Event-Driven AuditModule: A Decoupling Story

CSRF Double-Submit Cookies: The Underrated Defense for Same-Origin SaaS

CSP Headers in Practice: Lessons From a Real Security Audit Pass

HMAC Request Signing for Third-Party Webhook Security

Search Hashnode

Hammad Khan

About

Available for

Hammad Khan's blogs

Recently published

Building a Chrome Extension That Bridges Three SaaS Tools

From Singleton AuditService to Event-Driven AuditModule: A Decoupling Story

CSRF Double-Submit Cookies: The Underrated Defense for Same-Origin SaaS

CSP Headers in Practice: Lessons From a Real Security Audit Pass

HMAC Request Signing for Third-Party Webhook Security