Practical Security

Security is hard, we know because we've been in the business of making web security easier for over 11 years.

We take complex security issues, break them down into tiny problems, and thoroughly solve each one. Our goal is to provide practical security tools, solutions, and education to help make all applications safer. On this site you'll find all of our thoughts, ideas, projects, and research.




A browser extension and JavaScript that alerts you if the password you're using to authenticate to a website has been involved in a breach.

View Website

JPaseto logo


The simplest and most secure implementation of the PASETO token standard on the JVM. Has gone through extensive security audits.

View on GitHub

Implicit Flow Detector

Implicit Flow Detector

A browser extension that lets you know when a website is using the deprecated OAuth/OpenID Connect Implicit Flow. This extension helps detect weak authentication mechanisms in websites so you can alert website admins.

View Website

The Team

Gaurav Kohli
Security Consultant
Andrew Lee
Security Engineer
Vickie Li's avatar
Vickie Li
Investigator of Nerdy Stuff
Travis Morrow
Security Architect and Sr. Manager of Offensive Security
Sami Laine
Sami Laine
Director, Technology Strategy
Josh Pitts Okta
Josh Pitts
Principal Hacker, Offsec Team
Christopher Bennett's avatar
Christopher Bennett
Staff Detection Engineer
Tom Kellermann's avatar
Tom Kellermann
Head of Cybersecurity Strategy
Indranil Jha
Indranil Jha
Senior CIAM Specialist
cartoon profile pic
Brian Demers
Developer Advocate
Varrun Ramani's avatar
Varrun Ramani
Staff Software Engineer, Security
The Grugq
Hacker Attaché
Sherrod DeGrippo
Sherrod DeGrippo
Sr. Director, Threat Research and Detection
Seth Rosenblatt
Seth Rosenblatt
Editor-in-chief at The Parallax
matt raible
Matt Raible
Developer Advocacy Director
Okta CSO David Bradbury
David Bradbury
Chief Security Officer
Ron Waisberg head shot
Ron Waisberg
Senior Application Security Engineer
Sean Frazier
Sean Frazier
Federal CSO at Okta
Marc Rogers Headshot
Marc Rogers
Senior Director, Cybersecurity Strategy
Brett Winterford Headshot
Brett Winterford
Senior Director, Cybersecurity Strategy
John Richards
John Richards
Senior Manager, Detection & Response Engineering
Steve Ripaldi
Steve Ripaldi
Senior Director, Product & Infrastructure Security
James Brodsky
James Brodsky
Senior Director, Systems Engineering
Moussa Diallo
Moussa Diallo
Sr Manager, Identity Threat Research
Tim Peel, Okta
Tim Peel
Director, Cyber Threat Research