Filtering user input in web applications: the basics

6 years ago

SQL Injection. Cross-Site Scripting. These are just two of web application security flaws that can be prevented by effectively filtering…

Build Stuff 2018 Retrospective

6 years ago

I do not usually write retrospectives on conferences I have attended, but this was something else altogether. What was it?…

Here’s how I prepare for conferences

7 years ago

Public speaking can be enormously empowering and fulfilling. I have spoken at quite a few international conferences - I always…

CSRF Tokens? What Tokens?

7 years ago

In a previous blog post where I covered Cross-Site Request Forgery and what potential impacts and consequences such an attack…

Bank-grade Security or Why Blocking Password Pasting is not a Good Security Strategy

7 years ago

Your friend creates a website. You are curious and you ask him: "is it secure?", which, in your mind, probably…

Carriage Return Line Feed (CRLF) Injection Explained

7 years ago

How does a server know when a new header begins and the old one ends or when a line is…

2017 OWASP Top 10 for PHP Developers Part 10: Insufficient Logging & Monitoring

7 years ago

Another day, another web application gets hacked. Most of the time web application hacks fly under the radar and are discovered…

2017 OWASP Top 10 for PHP Developers Part 9: Using Components with Known Vulnerabilities

7 years ago

Attacks on today's web are an unsurprising reality - websites are hacked daily, data is being stolen and leaked left,…

2017 OWASP Top 10 for PHP Developers Part 8: Insecure Deserialization

7 years ago

When developing a web application, web developers sometimes need to first turn data into a proper format so that it…

2017 OWASP Top 10 for PHP Developers Part 7: Cross-Site Scripting (XSS)

7 years ago

We have all seen search forms, haven't we? Take a look at mine: The above search form is pretty basic…