I build web applications and I'm into web application security. I like to speak about secure development. My mission is to teach web developers how to build secure and fast web applications and why.

My trainings

And this is what they say about them: Originally, I arranged Michal's training primarily for my colleagues because "of course I already know these things"... Michal changed my mind in the first hour of the first day and continued to do so for the whole two days. Thanks to this training I finally understood some of the attack/defense concepts in full depth, and especially in the right context. — Jan Pospíšil, Senior PHP developer, Czech Radio

Public trainings

Come to my public trainings, everybody's welcome:

Trainings in Prague are held regularly in the middle of March, June, September, and December, in other cities irregularly.

In-house trainings

Any public training can also be turned into an in-house training. As an extra, I offer these in-house-only courses:

Looking for Introduction to PHP or Classes and objects in PHP? I've handed them over to Martin Hujer. I've discontinued Web application performance; Martin Michálek runs a similar training.


My articles

Check TLS certificate revocation with SSL Labs, crt.sh and OpenSSL

Browsers mostly don't check whether an HTTPS certificate has been revoked, so you may want to check it manually. There are a few ways to query an Online Certificate Status Protocol (OCSP) server, so let's look at some of them. You'll need a browser (and the openssl tool).


Maximum HTTPS certificate lifetime to be 1 year soon

Earlier this week at the CA/Browser Forum in Bratislava, Slovakia, Apple announced that starting September 1st, the maximum TLS certificate lifetime in Safari (and probably in the whole macOS and iOS and all apps) will be just 1 year, 398 days exactly. That's very good news. But why?


I don't use any VPN for security or anonymity
October 23, 2019

NordVPN, a VPN service provider, got hacked some time in 2018. In their official response, they say that only one server was affected due to an insecure remote management system left on the machine by the datacenter provider. Private keys got leaked (bad), some other VPN providers were also breached (bad) but that's not what I want to write about (good) because there are better places to read about it.




My talks

Favorites

Upcoming talks

…at your event or conference, let me know!

Talks

Search the Net Like MacGyver
February 14, 2020, Seminář o kybernetické bezpečnosti (50 minutes)

Defense in Depth
November 27, 2019, 5th #DevopsPilsen (30 minutes)

Nobody Cares About Padlocks
November 21, 2019, F5 Solutions Day – Bratislava (35 minutes)

Search the Net Like MacGyver
November 20, 2019, Kybernetická bezpečnost – řízení procesů a aplikace moderních technologií (50 minutes)

Search the Net Like MacGyver
November 13, 2019, Vítejte v nebezpečném světě, Comimpex (60 minutes)



Me answering questions

Engage in Continual Learning to Advance your IT Career
May 3, 2019, IT Career Energizer

Michal Špaček of Report URI on the meaning of work, potential, and procrastination
January 15, 2019, StartupJobs

Blocking websites and pages
June 4, 2016, Český rozhlas Online Plus

At the 11th Na volné noze meetup
June 4, 2016, 11. sraz Na volné noze

A web developer must have a hacker mindset
May 30, 2016, Kyberbezpečnost.cz
