Development Security

CSRF Is Dead, Long Live SameSite=Lax! (or is it?)

In the original version my talk “Think Like a Hacker and Secure WordPress, live on stage“, I demonstrated a Cross-Site Request Forgery (CSRF) attack. While this attack worked perfectly during WordCamp Brisbane 2019, in-progress changes to Google Chrome (version 80) are bringing about the end of CSRF. (Well, sort of…) In light of this change, […]

Development Security Tutorials

Sign Git Commits With A Keybase GPG Key

A relatively unknown and underused feature of Git is the ability to cryptographically sign commits. It is an optional feature that provides a way for the author of a commit to prove ownership. It uses the author’s GPG key to leave a signature in the commit that can be checked later. If you’re a Keybase […]

Random thoughts

Hello World (again)!

Welcome to my new website. It’s been a long while since I rebuilt my last one (two jobs ago, infact!), so I figured I should launch a new site and get back into the blogging thing. It may surprise some of you, but my site is now running on WordPress again. Yup, WordPress. There are […]