November 8th, 2016
With the advent of custom TLDs, phishing attack vectors are growing. Users no longer have to know what the domain is, they must now also be aware of all the domains and tlds a company owns.
February 9th, 2015
For a long time, I didn't protect my actionable links from CSRF attacks. By actionable links, I mean links that will modify data on the server, e.g. "delete product", "publish post", "like". I'd always written these as regular "a href" links, but this can be a very easy to manipulate attack.