Practical Security

Security is hard, we know because we've been in the business of making web security easier for over 11 years.

We take complex security issues, break them down into tiny problems, and thoroughly solve each one. Our goal is to provide practical security tools, solutions, and education to help make all applications safer. On this site you'll find all of our thoughts, ideas, projects, and research.




A browser extension and JavaScript that alerts you if the password you're using to authenticate to a website has been involved in a breach.

View Website

JPaseto logo


The simplest and most secure implementation of the PASETO token standard on the JVM. Has gone through extensive security audits.

View on GitHub

Implicit Flow Detector

Implicit Flow Detector

A browser extension that lets you know when a website is using the deprecated OAuth/OpenID Connect Implicit Flow. This extension helps detect weak authentication mechanisms in websites so you can alert website admins.

View Website

The Team

Travis Morrow
Security Architect and Sr. Manager of Offensive Security
Marc Rogers, Executive Director of Cybersecurity
Marc Rogers
Executive Director, Cybersecurity Strategy
Sami Laine
Sami Laine
Director, Technology Strategy
Aaron Parecki
Aaron Parecki
Security Architect, Group Manager
Brent Morris
Brent Morris
Senior Application Security Engineer
Kevin McDermott's avatar
Kevin McDermott
Senior Application Security Engineer
James Jardine's avatar
James Jardine
Principal Application Security Engineer
Kevin Roh's avatar
Kevin Roh
Senior Application Security Engineer
Chris Niggel's avatar
Chris Niggel
Senior Director, Security & Compliance
Omar Darwish's avatar
Omar Darwish
Senior Security Engineer
Josh Pitts Okta
Josh Pitts
Principal Hacker, Offsec Team
Shawn Verzilli's avatar
Shawn Verzilli
Sr. Security Engineer, AWS Security
Janani Neelamekam's avatar
Janani Neelamekam
Security Engineer, Security Response
Yogesh Badwe's avatar
Yogesh Badwe
Senior Director of Information Security
Christopher Bennett's avatar
Christopher Bennett
Staff Detection Engineer
Shawn Maxim's avatar
Shawn Maxim
Manager, Security Compliance
Abhishek Singh's avatar
Abhishek Singh
Security Engineer, Security Response
Weisin Chong's avatar
Weisin Chong
Staff Software Engineer
John Richards' avatar
John Richards
Manager, Detection
Karishma Milwani's avatar
Karishma Milwani
Security Engineer, Detection
Tushar Badlani's avatar
Tushar Badlani
Security Analyst, Assurance
Aakash Yadav's avatar
Aakash Yadav
Senior Analyst, Security & Compliance
Randall Degges
Randall Degges
Head of Security Evangelism