As you might already know, back in 2014 I developed a custom Web Application Firewall. You’ll see one adorning BreachDirectory and indeed, you can see
10 ways to increase the security of your WordPress application
When someone mentions WordPress, you will often hear people saying “don’t use it, it’s insecure”. In a sense, those people are right – there is
How I could have pwned my highschool (SQLi, CSRF, Hardcoded Passwords & XSS) Part 2: Investigating the Breach
Honestly, this is a blog title I never expected to write, but hey, data breaches happen – no website is exempt from that. I will
Your website needs a CSP. Here’s why
Here’s a scenario: you create a website and make it available online. Your website ends up getting hacked (it happens frequently, by the way). The
Your website has assets – You need SRI
All websites have something worth protecting. Those valuable assets are frequently loaded from a CDN (Content Delivery Network), which is a distributed network of data centers
The path to a custom Firewall and a Content Security Policy on a Blog
A few years ago I found myself looking for a firewall. I looked at various options from various security companies, but couldn’t find what I was
Creating a Secure Login Page
Login pages – they’re everywhere. Almost every website has a login page – from big companies to discussion forums. In this blog post I’ll try
To padlock or not to padlock? SSL Explained
You visited a website, you saw a green padlock saying “Secure”. Cool. But what does that actually mean? Does that mean a website can’t be
Understanding & Mitigating Cross-Site Request Forgery (CSRF)
CSRF. Easy, enormously effective, frequently misunderstood. This attack could be called a sleeping lion, because it is not taken as seriously as it should be.