Credential stuffing is an attack where credentials stolen from one or more sites are tried at other sites, in the hope that users reused the same credentials across multiple sites. This post discusses some of the steps consumers and service providers can take to prevent these attacks.
“Shift left” is the concept of implementing security from the very beginning and continuously validating that the product is secure. This article is about how to shift security left, based on my experience with very large commercial payment applications and how I helped secure them.
I have been asked multiple times how to go about starting a security program. This is a short primer that lists some of the things you should do to jump-start a security program.
Should you implement HTTP Public Key Pinning (HPKP) for your site? Some reasons I don’t like it in its present form and when it can be acceptable.
Some things to think about before moving to a cloud-based solution.