
Submitted URL: http://michalspacek.com/
Effective URL: https://www.michalspacek.com/
Submission: On January 31 via manual from DE — Scanned from DE


MICHAL ŠPAČEK



--------------------------------------------------------------------------------

I build web applications and I'm into web application security. I like to speak
about secure development. My mission is to teach web developers how to build
secure and fast web applications and why. (more about me, contact)


MY TRAININGS

And this is what they say about them: Originally, I've arranged Michal's
training primarily for my colleagues because "of course I already know these
things"... Michal has changed my mind in the first hour of the first day and
continued to do so for the whole two days. Thanks to this training I finally
understood some of the attack/defense concepts in full depth, and especially in
the right context. — Jan Pospíšil, Senior PHP developer, Czech Radio


PUBLIC TRAININGS

Come to my public trainings, everybody's welcome:

Trainings in Prague (or remote) are held regularly in the middle of March, June,
September, and December, in other cities irregularly.


IN-HOUSE TRAININGS

Any public training can also be turned into an in-house training. As an extra,
I offer these in-house-only courses:

 * PHP application security
 * HTTPS for developers & admins
 * Security for users

Looking for Introduction to PHP or Classes and objects in PHP? I've handed them
over to Martin Hujer. I've discontinued Web application performance; Martin
Michálek runs a similar training.

--------------------------------------------------------------------------------


MY ARTICLES

Origin, site, eTLD, eTLD+1, public suffix, PSL. What are they?
November 20, 2023
origin, same origin, site, same site, eTLD, PSL


We call it pages, domains, servers, websites, internets and we hope the other
party will understand. Maybe, maybe not, but that can always be cleared with the
additional “wait, a server, don't you mean a website?” You can't just ask those
questions when reading various specifications and technical documents, so they
try to call things by their correct names and in a consistent manner. And they
do it so well that terms like origin, site, same origin, same site, eTLD and
public suffix are normally not even translated to other languages, because then
nobody would understand it. And how does the attractiveness of subdomains relate
to this?

(read more…)

Overriding HTTP response content in Chrome
October 5, 2023
Chrome, Developer tools


The Chrome browser (and others like Edge) allows you to override both HTTP
response headers and the response content. I've previously written about
overriding the headers for testing purposes; let's see how you can override the
body, or the content itself, as well. Starting with Chrome 117 (released in
September 2023) it's also greatly simplified.

(read more…)

Validity period of HTTPS certificates issued from a user-added CA is essentially
2 years
August 18, 2023
HTTPS, TLS, certificates, Apple, Safari, Chrome, Firefox


Since 2020, the maximum lifetime of HTTPS certificates is limited to 1 year, exactly
398 days. I've previously written about the history and the reasons behind the
change. But the reduced lifetime applies only to certificates issued from a
public certification authority (CA) added to the operating system's or the
browser's trusted root store by the vendor.

(read more…)

All articles

--------------------------------------------------------------------------------


MY TALKS


FAVORITES

 * HTTP headers, Subresource Integrity and co. protect your visitors from
   security bugs
 * XSS PHP CSP ETC OMG WTF BBQ, on Cross-Site Scripting and Content
   Security Policy
 * Your head isn't made for passwords, use a password manager for them instead
 * HTTPS: what, why, how, for how much, what for, when, where, with whom and
   against whom
 * Web security, a description of several basic attacks and lesser-known tricks
 * How we improved the security of Slevomat and how you should do the same
 * Hash the password, store it, …, profit!, on proper password hashing


UPCOMING TALKS

…at your event or conference, let me know!


TALKS

Modern problems require modern solutions (in Czech)
October 8, 2023, LinuxDays 2023 (50 minutes)

DOM XSS and Trusted Types
May 11, 2023, OWASP Czech Chapter Meeting (60 minutes)

What interests Špaček in the new PHP versions? (in Czech)
October 6, 2022, 51st meetup of PHP friends in Prague at CareCloud (15 minutes)

Every day is Friday, give me a break from deploying (in Czech)
June 3, 2022, PHP live 2022 (40 minutes)

How the princess finally dealt with (DOM) XSS (in Czech)
February 17, 2022, JSDays 2022 (60 minutes)

All talks

--------------------------------------------------------------------------------


ME ANSWERING QUESTIONS

Michal Špaček: I no longer warn against connecting to public Wi-Fi networks
September 5, 2022, Lupa.cz

On the dark side of UX design
March 1, 2022, BlueGhost Update

Security on the internet
February 2, 2021, Jak na sítě

Grading How Companies (In)Securely Store Passwords
August 1, 2019, All Things Auth Podcast

Engage in Continual Learning to Advance your IT Career
May 3, 2019, IT Career Energizer

All interviews

Michal Špaček •
Contact • mail@michalspacek.cz
LinkedIn • @spazef0rze • Mastodon • Facebook • GitHub