Security Tutorials

  • An Introduction to Persona

    So you've heard of this new hipster login service called Persona. It promises to relieve you of dealing with passwords, and be easy to set up. Can it really? I'm here to walk you through setting up Persona on your own website, in just a...

  • Force SSL with WordPress

    WordPress, the popular blogging CMS platform, is used as all-purpose site software these days. The difficulty in using all-purpose solutions is that they are often difficult to customize when edge cases pop up; one of those edge cases can be forcing SSL. Many form pages...

  • AJAX For Evil: Spyjax with jQuery

    Last year I wrote a popular post titled AJAX For Evil: Spyjax in which I described a technique called "Spyjax": Spyjax, as I know it, is taking information from the user's computer for your own use — specifically their browsing habits. By using CSS and JavaScript, I...

  • Disallow Robots Using Robots.txt

    I develop customer websites on a publicly accessible web server so that my customers may check the progress of their website at any given time. I could use .htaccess to require username and password for the site but then I'm constantly needing to remind...

  • PHP, SSL, and cURL SSL3_GET_SERVER_CERTIFICATE Errors

    I recently developed a complex system for a customer that involved PHP, cURL, and an SSL connection to a third party vendor. The third party vendor would validate the security certificate of the source (the system I created) and either allow or reject access.

  • SSLmatic: Quality, Cheap SSL Certificates and Giveaway!

    If you develop eCommerce websites or create applications that request sensitive user information, you're probably well aware of the advantages of using SSL certificates. For those that haven't, SSL certificates: Encrypt data between the user's browser and the web server. Provide peace of mind to users...

  • Email Protection with MooTools JavaScript

    We all know how spammers write scripts to slurp pages and collect as many emails as they possibly can, right? Well, I've created a really easy way to avoid this problem using MooTools JavaScript. Let me show you the process. The XHTML We create a link...

  • Whitelisting: You Set The Rules For Security

    We all know what blacklisting is when it comes to strings: removing specified "bad" characters. While this helps to secure user input, it isn't as secure as whitelisting. Whitelisting is the process of saying "Let me tell you what you can give me" whereas...

  • AJAX For Evil: Spyjax

    With great power comes great responsibility. With every advancement in technology we face the threat of it being used for evil purposes. This is the case with AJAX. AJAX has a ton of great uses but one form of negative AJAX has taken...

  • Tips for Protecting Querystring Keys & Values in PHP

    The easiest way to pass information to a page is by placing information in the URL. This, of course, is referred to as the querystring and the information in the querystring can be accessed by using $_GET['varname']. Simple, yes. Insecure, possibly. Here...