Practical Security

Security is hard, we know because we've been in the business of making web security easier for over 11 years.

We take complex security issues, break them down into tiny problems, and thoroughly solve each one. Our goal is to provide practical security tools, solutions, and education to help make all applications safer. On this site you'll find all of our thoughts, ideas, projects, and research.

Projects

Passprotect

A browser extension and JavaScript that alerts you if the password you're using to authenticate to a website has been involved in a breach.

View Website

JPaseto

The simplest and most secure implementation of the PASETO token standard on the JVM. Has gone through extensive security audits.

View on GitHub

Implicit Flow Detector

A browser extension that lets you know when a website is using the deprecated OAuth/OpenID Connect Implicit Flow. This extension helps detect weak authentication mechanisms in websites so you can alert website admins.

View Website

Articles

Why BGP Hijacking is Still a Threat

When the Internet goes down, rendering everything inaccessible from mission-critical business services to mental stability-critical meme generators,...

Executive Order on Improving the Nation’s Cybersecurity — Ushering in a New Age of Security

Yesterday, President Biden took a major step forward in ensuring that the US government has the resources and focus needed to address our...

Uncovering and Disclosing a Signature Spoofing Vulnerability in Windows Installer: CVE-2021-26413

Okta Security has discovered and disclosed a new bypass in Windows Installer (MSI) Authenticode signature validation that could allow an attacker to...