Practical Security

Security is hard, we know because we've been in the business of making web security easier for over 11 years.

We take complex security issues, break them down into tiny problems, and thoroughly solve each one. Our goal is to provide practical security tools, solutions, and education to help make all applications safer. On this site you'll find all of our thoughts, ideas, projects, and research.

Projects

Passprotect

A browser extension and JavaScript that alerts you if the password you're using to authenticate to a website has been involved in a breach.

View Website

JPaseto

The simplest and most secure implementation of the PASETO token standard on the JVM. Has gone through extensive security audits.

View on GitHub

Implicit Flow Detector

A browser extension that lets you know when a website is using the deprecated OAuth/OpenID Connect Implicit Flow. This extension helps detect weak authentication mechanisms in websites so you can alert website admins.

View Website

Articles

Your Company Needs YOU: How to Stay Safe from Phishing and Other Human Attacks

Now more than ever, people are targets. For years attackers have been evolving their attacks, looking for new opportunities to find a way in. Attacks...

CrimeOps: The Operational Art of Cyber Crime

Cyber Crime Innovation Is Lucrative Cybercrime rewards innovative organizations. These can innovate at the tactical level (e.g. new or updated...

How Attackers Bypass MFA

To verify your identity, applications typically ask you to provide something you know, such as a password or a secret key. They may also ask you to...