Practical Security

Security is hard, we know because we've been in the business of making web security easier for over 11 years.

We take complex security issues, break them down into tiny problems, and thoroughly solve each one. Our goal is to provide practical security tools, solutions, and education to help make all applications safer. On this site you'll find all of our thoughts, ideas, projects, and research.

Projects

Passprotect

A browser extension and JavaScript that alerts you if the password you're using to authenticate to a website has been involved in a breach.

View Website

JPaseto

The simplest and most secure implementation of the PASETO token standard on the JVM. Has gone through extensive security audits.

View on GitHub

Implicit Flow Detector

A browser extension that lets you know when a website is using the deprecated OAuth/OpenID Connect Implicit Flow. This extension helps detect weak authentication mechanisms in websites so you can alert website admins.

View Website

Articles

Auditing your Okta org for Legacy Authentication

Using Okta System Logs to monitor use of basic authentication to Office 365: As promised on the Risky Business podcast, here are some System Log...

Malware Detection Using Yara And YarGen

Malware can often be detected by scanning for a particular string or a sequence of bytes that identifies a family of malware. Yara is a tool that...

Why BGP Hijacking is Still a Threat

When the Internet goes down, rendering everything inaccessible from mission-critical business services to mental stability-critical meme generators,...