I do not usually write retrospectives on conferences I have attended, but this was something else altogether. What was it? This conference was a big
Here’s how I prepare for conferences
Public speaking can be enormously empowering and fulfilling. I have spoken at quite a few international conferences – I always reflect on what I’ve done

CSRF Tokens? What Tokens?
In a previous blog post where I covered Cross-Site Request Forgery and what potential impacts and consequences such an attack may have, I wrote that

Bank-grade Security or Why Blocking Password Pasting is not a Good Security Strategy
Your friend creates a website. You are curious and you ask him: “is it secure?”, which, in your mind, probably means “did you secure your

Carriage Return Line Feed (CRLF) Injection Explained
How does a server know when a new header begins and the old one ends or when a line is terminated? Simple. In order to note

2017 OWASP Top 10 for PHP Developers Part 10: Insufficient Logging & Monitoring
Another day, another web application gets hacked. Most of the time web application hacks fly under the radar and are discovered years after the data breach

2017 OWASP Top 10 for PHP Developers Part 9: Using Components with Known Vulnerabilities
Attacks on today’s web are an unsurprising reality – websites are hacked daily, data is being stolen and leaked left, right and centre. In many (though

2017 OWASP Top 10 for PHP Developers Part 8: Insecure Deserialization
When developing a web application, web developers sometimes need to first turn data into a proper format so that it can be processed. Occasionally, converting

2017 OWASP Top 10 for PHP Developers Part 7: Cross-Site Scripting (XSS)
We have all seen search forms, haven’t we? Take a look at mine: The above search form is pretty basic – when a search query