• 3rd Feb 2014 AWS Tips I Wish I'd Known Before I Started

    A collection of random tips for Amazon Web Services (AWS) that I wish I'd been told a few years ago, based on what I've learned by building and deploying various applications on AWS.

  • 8th Apr 2013 Protecting Yourself Against Insecure Websites

    Advice for protecting your online accounts when having to use websites which don't store your passwords securely.

  • 17th Jun 2012 Fix Graphics in Ubuntu 10.04 Lucid Lynx on a Toshiba Portégé

    A quick guide on how to get graphics working on a Toshiba Portégé laptop when running Ubuntu 10.04 Lucid Lynx.

  • 6th Mar 2012 Fix Networking in Ubuntu 10.04 Lucid Lynx on a Toshiba Portégé

    A quick guide on how to get networking working on a Toshiba Portégé laptop when running Ubuntu 10.04 Lucid Lynx.

  • 6th Feb 2011 Secure Session Management Tips

    Eleven tips for securely managing sessions in web applications. Detailing the current best practices along with common security issues and how to protect against them.

  • 4th Jun 2010 Cross Site Request Forgery (CSRF/XSRF)

    A look at what cross site request forgery is, and the techniques you can use to protect your site against it (including how not to protect against it). I also touch on the differences between POST and GET, and the conventions you should use.

  • 9th Feb 2010 Do we Really Need to Keep Typing www?

    A look at whether we really need to type out the 'www.' before a domain. This information can usually be implied, yet some sites continue to fail if you attempt to visit the URL without those four characters, infuriating users and sending them to look elsewhere for business.

  • 14th Jan 2010 Creating a 'Database is Down' Page

    Don't leave your users hanging when your database goes for a walk. Automatically detect the situation and give them something else to read instead.

  • 12th Dec 2009 Taking the Security out of Security Questions

    Security questions are a great way for your users to access their account if they lose their password. They're also a great way for people to hack into your user's accounts. Don't negate a great password system by weakening it with poorly implemented security questions.

  • 3rd Nov 2009 Password Rules Don't Always Help

    Password rules and restrictions are implemented almost everywhere with the intention of forcing complexity to make novice users pick passwords that are harder to crack. In reality they're adding predictability making them easier to crack, and restricting choice, infuriating users who actually do pick complex passwords.

  • 15th Aug 2009 text-transform - Content or Presentation?

    Don't get caught out by the quirks of text-transform: capitalize. It might not behave exactly as you'd expect.

  • 19th Jul 2009 JavaScript is Good, But Should Not be Relied Upon

    JavaScript is a great tool for making the experience of a website better for the user, but it can also turn away lots of users if you don't have a fallback. Always make sure things work without JavaScript too, otherwise you're going to lose visitors.

  • 21st Jun 2009 Storing Passwords - The Wrong, Better and Even Better Way

    Many websites are still storing passwords in a way which compromises user security. Don't put your users at risk, learn how you should (salted hash with key stretching) and shouldn't (plaintext, plain hash, md5, your own algorithm) deal with passwords.

  • 29th Apr 2009 Always Include a Print Stylesheet

    A print stylesheet helps to make sure your website still looks as great when printed as it does on the web. It also helps to save ink by not printing useless items. They're simple to make and can make a world of difference for your users.

  • 7th Aug 2008 Separation of Content and Presentation with HTML and CSS

    It's important to separate the content of a website from it's presentation, just using CSS doesn't always mean this is the case. Here are some common pitfalls people are making in this area.

  • 2nd Mar 2007 Music Recommendation Project

    I'm building a music recommendation engine for my Masters degree.

Picture of Rich Adams.

Hi! I'm Rich. By day I work on cloud security at Indeed. By night I wear a cape and fight crime1. I'm on Twitter as @r_adams, and also used to write things on the PagerDuty blog.

1 probably not true