Recover s2k Mode 0 Session Key from Passphrase
TL;DR This guide shows you how to recover an s2k mode 0 session key when all […]
Fix Persistent CSRF Alerts
TL;DR Your anti-CSRF scanner is still flagging issues even after adding a _csrf token to your […]
SQL Injection Login Bypass: Fix Guide
TL;DR Someone might be able to log in to your website without a password if it’s […]
Stop Cookie Replay Attacks
TL;DR Cookie replay attacks happen when someone steals your cookie and uses it to pretend to […]
CSRF Protection with HTTPS
TL;DR HTTPS protects data in transit, but doesn’t stop Cross-Site Request Forgery (CSRF) attacks. This guide […]
CSRF Protection: Tokens vs Referer Checks
TL;DR Anti-CSRF tokens are much more reliable than relying on the Referer header or simple POST […]
Secure WebSockets: Stopping Denial of Service
TL;DR WebSockets are great for real-time apps, but they’re vulnerable to DoS attacks because a single […]
Stopping Forensic Tools
TL;DR This guide shows you how to make it harder for someone trying to investigate your […]
Stop Phishing: A Practical Guide
TL;DR This guide gives you simple steps to protect yourself and your organisation from phishing attacks. […]
Spotting Phishing Emails: A User Guide
TL;DR Phishing emails try to trick you into giving away personal information. This guide shows you […]