Category: Application Security

  • Stop Using Security Questions

    Please stop using security questions.

    Why security questions were designed with good intentions

    If you forget your password, a site can ask you a series of security questions. This allows you to recover your account while still potentially authenticating you with questions only you know. Account recovery options are always a great idea, but doing…

  • Typed, but didn’t send?

    Obviously, this is pretty old. If you’re still using Facebook, the best option is to delete Facebook. That said, this sort of stuff is still valid on most platforms today.

  • How-To Securing PHP5 $_GET Strings

    This is a VERY old post of mine from 2008 that I’m sharing for sport. There are many articles on the internet, none are complete in securing something. This article is no different. Every day holes are found in code, and they rarely get reported right away…and updated right away. But keeping yourself aware of…