Practical Security

Security is hard, we know because we've been in the business of making web security easier for over 11 years.

We take complex security issues, break them down into tiny problems, and thoroughly solve each one. Our goal is to provide practical security tools, solutions, and education to help make all applications safer. On this site you'll find all of our thoughts, ideas, projects, and research.

Projects

Passprotect

A browser extension and JavaScript that alerts you if the password you're using to authenticate to a website has been involved in a breach.

JPaseto

The simplest and most secure implementation of the PASETO token standard on the JVM. Has gone through extensive security audits.

Implicit Flow Detector

Implicit Flow Detector

A browser extension that lets you know when a website is using the deprecated OAuth/OpenID Connect Implicit Flow. This extension helps detect weak authentication mechanisms in websites so you can alert website admins.

Articles

Auth0 Code Repository Archives From 2020 and Earlier

Notification of Auth0 Code Repository Archives Security Event: No Customer Action Required, Auth0 Fully Operational. In alignment with our core value...

Phishing Resistance and Why it Matters

In the wake of recent security events at Uber and Twilio, organizations are understandably interested in pivoting to authenticators that offer the...

Detecting Scatter Swine: Insights into a relentless phishing campaign

Summary Twilio recently identified unauthorized access to information related to 163 Twilio customers, including Okta. Access was gained to...

Read More on the Blog

Disclosure 2020

Watch all the Disclosure videos

The Team

Gaurav

Security Consultant

Security Engineer

Investigator of Nerdy Stuff

Security Architect and Sr. Manager of Offensive Security

Sami Laine

Director, Technology Strategy

Josh Pitts Okta

Principal Hacker, Offsec Team

Christopher Bennett

Staff Detection Engineer

Head of Cybersecurity Strategy

Indranil Jha

Senior CIAM Specialist

Developer Advocate

Staff Software Engineer, Security

thegrugq

Hacker Attaché

Sherrod DeGrippo

Sherrod DeGrippo

Sr. Director, Threat Research and Detection

Seth Rosenblatt

Seth Rosenblatt

Editor-in-chief at The Parallax

matt raible

Developer Advocacy Director

Okta CSO David Bradbury

Chief Security Officer

Ron Waisberg head shot

Senior Application Security Engineer

Sean Frazier

Federal CSO at Okta

Senior Director, Cybersecurity Strategy

Brett Winterford

Senior Director, Cybersecurity Strategy

John Richards

Senior Manager, Detection & Response Engineering

Steve Ripaldi

Senior Director, Product & Infrastructure Security

James Brodsky

Senior Director, Systems Engineering

Moussa Diallo

Sr Manager, Identity Threat Research

Tim Peel, Okta

Director, Cyber Threat Research

Defensive Cyber Operations