Category: Application Security

  • Wordfence and a Secure wp-admin

    I use WordFence to protect my site from attacks. Many years ago I helped a Redditor secure his site (maybe I’ll blog about it one day). He was using WordFence and it found a nasty local file. I’ve enjoyed it enough that I spoke about it at a security conference a few years ago.…

  • Using AI to Secure Legacy Software

    In 2006, I made the decision to stop writing software for Windows (as much as I did at the time), and move to building web applications. The idea was that, unlike desktop applications where I don’t see my users and can’t do updates easily, in a web app I can. I spoke with my brother,…

  • I Messed Up…

    Just yesterday, I posted a blog about spying on chip communications. In there, I included a little tidbit that I “deep fried” here. Now, I thought that it was obvious that I was trying to be sarcastic, but today I get an email from my domain registrar telling me that one of my domains has…

  • Stop Using Security Questions

    Please stop using security questions. Why security questions were designed with good intentions: if you forget your password, a site can ask you a series of security questions. This allows you to recover your account while still potentially authenticating you with questions only you know. Account recovery options are always a great idea, but doing…

  • Typed, but didn’t send?

    Obviously, this is pretty old. If you’re still using Facebook, the best option is to delete Facebook. That said, this sort of stuff is still valid on most platforms today.

  • How-To Securing PHP5 $_GET Strings

    This is a VERY old post of mine from 2008 that I’m sharing for sport. There are many articles on the internet; none are complete in securing something. This article is no different. Every day holes are found in code, and they rarely get reported right away…and updated right away. But keeping yourself aware of…