since 1999

Bad Password Practices Are Responsible for Most Data Breaches. You Can Do Better.

Verizon DBIR says 61% of data breaches are the result of bad password practices. Your app can avoid some of the pitfalls with a few precautions, especially using slow hashes and 2FA.

What is the difference between bcrypt and SHA256?

TL;DR: SHA1, SHA256, and SHA512 are all *fast hashes* and are bad for passwords. BCRYPT is a *slow hash* and is good for passwords. Always use slow hashes, never fast hashes.

What is an Abuser Story (Software)?

In software development and product management, an abuser story is a user story from the point of view of a malicious adversary. Abuser stories are used with agile software development methodologies as the basis for defining the activities that should be actively blocked or mitigated by the software and proven by automated regression testing.

Adding a Rake Task for SQL Views to a Rails Project

I add and update SQL views in my databases with 'rake db:views'; it's wonderful!

How To Protect Against the POODLE SSLv3 Vulnerability

Issue #6: February, 2014, Web Application Topics Newsletter

Get and compare the current Git branch in BASH

When using Git, this is the easy way to get the current branch within a BASH script and use it to conditionally execute the most appropriate code with an if/else.

Why & How We Remote Pair Program (2013)

Joppar's 'Tips on Securing Your Mobile App' Infographic Quoted Me!