Practical Security

Security is hard, we know because we've been in the business of making web security easier for over 11 years.

We take complex security issues, break them down into tiny problems, and thoroughly solve each one. Our goal is to provide practical security tools, solutions, and education to help make all applications safer. On this site you'll find all of our thoughts, ideas, projects, and research.

Projects

Passprotect

A browser extension and JavaScript that alerts you if the password you're using to authenticate to a website has been involved in a breach.

JPaseto

The simplest and most secure implementation of the PASETO token standard on the JVM. Has gone through extensive security audits.

Implicit Flow Detector

Implicit Flow Detector

A browser extension that lets you know when a website is using the deprecated OAuth/OpenID Connect Implicit Flow. This extension helps detect weak authentication mechanisms in websites so you can alert website admins.

Articles

The state of election security

Clichéd as the concept of a perfect storm is, it also feels more apt than ever to describe this year’s American election—and that’s only taking into...

kPop Fans: Non-Traditional, Non-State Actors

kPop Fans The nature of a strategic cyber force is far richer and more varied than is traditionally acknowledged. Earlier this year, Korean pop...

A Quick Look at the 2020 Threat Landscape

There’s no doubt 2020 has already been a turbulent year: COVID-19, civil unrest, contentious elections, widespread economic instability, and major...

Read More on the Blog

Disclosure 2020

Vidyard video

Vidyard video

Vidyard video

Watch all the Disclosure videos

The Team

Security Architect and Sr. Manager of Offensive Security

Marc Rogers, Executive Director of Cybersecurity

Executive Director, Cybersecurity Strategy

Sami Laine

Director, Technology Strategy

Aaron Parecki

Security Architect, Group Manager

Brent Morris

Senior Application Security Engineer

Kevin McDermott

Senior Application Security Engineer

Principal Application Security Engineer

Senior Application Security Engineer

Senior Offensive Security Engineer

Senior Director, Security & Compliance

Senior Security Engineer

Josh Pitts Okta

Principal Hacker, Offsec Team

Sr. Security Engineer, AWS Security

Janani Neelamekam

Security Engineer, Security Response

Senior Director of Information Security

Christopher Bennett

Staff Detection Engineer

Manager, Security Compliance

Security Engineer, Security Response

Staff Software Engineer

Manager, Detection

Karishma Milwani

Security Engineer, Detection

Senior Security Engineer, Prevention

Security Analyst, Assurance

Senior Analyst, Security & Compliance

Randall Degges

Head of Security Evangelism