Categories
Security

Introducing Laravel Security in Depth

I’d like to introduce a new project I’ve just started: Laravel Security in Depth. It’s something I’ve never tried before, or even considered as an option until recently, and I’m very excited to dive into it and see how it grows. What is Laravel Security in Depth? Laravel Security in Depth is a paid mailing […]

Categories
Security Development

CSRF Is Dead, Long Live SameSite=Lax! (or is it?)

In the original version of my talk “Think Like a Hacker and Secure WordPress, live on stage”, I demonstrated a Cross-Site Request Forgery (CSRF) attack. While this attack worked perfectly during WordCamp Brisbane 2019, in-progress changes to Google Chrome (version 80) are bringing about the end of CSRF. (Well, sort of…) In light of this change, […]

Categories
Development Security Tutorials

Sign Git Commits With A Keybase GPG Key

A relatively unknown and underused feature of Git is the ability to cryptographically sign commits. It is an optional feature that provides a way for the author of a commit to prove ownership. It uses the author’s GPG key to leave a signature in the commit that can be checked later. If you’re a Keybase […]

Categories
Random thoughts

Hello World (again)!

Welcome to my new website. It’s been a long while since I rebuilt my last one (two jobs ago, in fact!), so I figured I should launch a new site and get back into the blogging thing. It may surprise some of you, but my site is now running on WordPress again. Yup, WordPress. There are […]