Archives for the ‘php’ Category

JSCK demo update

I believe in releasing code as early as possible and often. So I’ve released another version of JSCK, the code isn’t a complete solution at the moment and is more of a proof of concept rather than a final version you can use on live sites but it highlights the method well and should provide […]

JSCK

I had a great idea to protect against CSRF, use my random Javascript creation technique! I already knew it was possible to use it in this way but I wanted a nice solution that anyone could incorporate into their site. PHP first creates a random session key using random code blocks, then Javascript does the […]

Regular expression challenge

After the success of my “a bit of fun” challenge, a few people asked for some more challenges. So I was answering a question on a mailing list that I’m a member of and I thought it would be a good topic for a little challenge and help sharpen everyone’s regular expression skills. The rules […]

New version of Hackvertor released

I’ve been busy catching up with some of the projects I’ve been working on and I’m pleased to announce a new version of Hackvertor, if you don’t know what it is check it out. It’s a useful tool to help with conversions and pen testing server side XSS filters. I decided to write the tool […]

Blogsecurity

I’m pleased to announce that I have recently joined Blogsecurity which is fantastic news because I can work with some excellent people and develop free open source software which will help blogging security. WordPress Lockdown and WPIDS We’ve already been working on a security plugin for WordPress which combines my previously unreleased plugin WP Lockdown […]

OpenID account security

Many developers often design their system security based on what the software does; this is a mistake. You should always design a security system based on what your software might do. I’m quite surprised when people don’t understand this; I often think of potential scenarios and discuss flaws in a current implementation based on those […]

OpenID security CSS overlays

Update… Verisign have now fixed the vulnerability. I’ve written about this before but I’m sure that some people might not know the risks involved, so I’ve created a demonstration of how to use CSS and iframe overlays to take any section of a web site and place it on any other web site. The user […]

Hackvertor

I was bored again and I fancied creating something useful to easily convert between entities etc. I was inspired by Mario’s excellent encoding tool, which I really like but I wanted to be able to convert to unicode and use multiple strings at once. So I give you…. Hackvertor!! which will allow you to use […]

New Spambam plugin

I’ve finally taken the time to update my spam protection plugin for WordPress, the original plugin worked well and stopped pretty much any automated spam. But I decided to update it because a few users were reporting problems on this site and other sites, for some reason it didn’t work with IE7. Rather than just […]

Thank you and good night Planet PHP

I’ve decided to remove my feed from Planet PHP because of some small-minded commenters (Jani and David Rodger). I would like to thank everyone who has read my blog on the planet php feed and I hope I have provided some useful information. If you didn’t think I was relevant to PHP Planet you […]