Featured

I have been writing about the web, online security, programming, and my life with technology for more than 15 years. Here are a few pieces that are my best work.

Books

Essential PHP Security
Essential PHP Security
My critically-acclaimed security guide for PHP developers.

Buy Now
Visit the Book’s Website

HTTP Developer’s Handbook by Chris Shiflett
HTTP Developer’s Handbook
An essential guide to the HTTP protocol for web developers.

Buy Now

Selected Articles & Blog Posts

  • Filter Input, Escape Output

    This modest post became a cornerstone of web app security.

  • JavaScript and URLs

    In 2011, I wrote a post about the growing misuse of JavaScript that remains relevant today.

  • Cross-Site Request Forgeries

    This was the first dedicated article on CSRF. One year earlier, Foiling Cross-Site Attacks covered both CSRF and XSS.

    Published by PHP Architect

  • URL Sentences

    In 2008, I pioneered the concept of URL sentences with my friend Jon Tan. Two years later, I wrote this post about it.

  • Brooklyn Beta Opening

    Before welcoming Viktoria Harrison to the stage at Brooklyn Beta, I shared these two lessons.

  • My Amazon Anniversary

    In 2006, I discovered a critical security vulnerability in Amazon. One year later, I published this post about it.

  • Web Fonts

    Before Typekit, Fontdeck, and Google Fonts, when the idea of web fonts was nascent, I wrote this post in an attempt to make sense of it all.

  • 10 Advanced PHP Tips Revisited

    This was a professional rebuttal to an article on Smashing Magazine. Sean Coates and I go through each and every tip from the original article and either validate and clarify it, or refute it.

    Published by Smashing Magazine

  • LeakedIn

    On the heels of the news that LinkedIn had leaked 6.5 million passwords, some friends and I made a site called LeakedIn to let you know if your password was one of them.