Practical Security

Security is hard, we know because we've been in the business of making web security easier for over 11 years.

We take complex security issues, break them down into tiny problems, and thoroughly solve each one. Our goal is to provide practical security tools, solutions, and education to help make all applications safer. On this site you'll find all of our thoughts, ideas, projects, and research.

Projects

Passprotect

A browser extension and JavaScript that alerts you if the password you're using to authenticate to a website has been involved in a breach.

JPaseto

The simplest and most secure implementation of the PASETO token standard on the JVM. Has gone through extensive security audits.

Implicit Flow Detector

Implicit Flow Detector

A browser extension that lets you know when a website is using the deprecated OAuth/OpenID Connect Implicit Flow. This extension helps detect weak authentication mechanisms in websites so you can alert website admins.

Articles

Common Pitfalls Of Custom SAML Implementations

SAML is a widely-used protocol for single sign-on, but it can be dangerous. In this article, we'll talk about why.

What’s The Best Security Key to Buy?

There are dozens of security keys, authenticator apps, and password managers available. Which one should you use?

SMS Two-Factor Authentication – Worse Than Just a Good Password?

If a website offers SMS-based authentication, should you enroll? Maybe not! In some cases, it’s worse than not having a second factor at all!

Read More on the Blog

The Team

Security Architect and Sr. Manager of Offensive Security

Marc Rogers, Executive Director of Cybersecurity

Executive Director, Cybersecurity Strategy

Sami Laine

Director, Technology Strategy

Aaron Parecki

Security Architect, Group Manager

Brent Morris

Senior Application Security Engineer

Kevin McDermott

Senior Application Security Engineer

Principal Application Security Engineer

Senior Application Security Engineer

Senior Offensive Security Engineer

Senior Director, Security & Compliance

Senior Security Engineer

Josh Pitts Okta

Principal Hacker, Offsec Team

Sr. Security Engineer, AWS Security

Janani Neelamekam

Security Engineer, Security Response

Senior Director of Information Security

Christopher Bennett

Staff Detection Engineer

Manager, Security Compliance

Security Engineer, Security Response

Staff Software Engineer

Manager, Detection

Karishma Milwani

Security Engineer, Detection

Senior Security Engineer, Prevention

Security Analyst, Assurance

Senior Analyst, Security & Compliance

Randall Degges

Head of Security Evangelism