
Times and technologies change, but a few good ideas are still the same. With consistent application, a handful of wise practices can help deter a slew of cybersecurity attacks. While implementation differs across applications, learning to lead development teams with a cybersecurity mindset boils down to a few fundamental concepts:


As I write this, the front page of declares in big bold letters that this is “Where the world builds software.” This is true. In technology companies today, the creation of your product is largely happening where your developers spend time. …


Yes, you can have an interactive search feature on your static site! No need for servers or paid subscriptions here. Thanks to the open source Lunr and the power of the Hugo static site generator, you can create a client-side search index with just a template and some JavaScript.


I’m very happy and proud to share that the Open Web Application Security Project (OWASP) Web Security Testing Guide v4.2 is now available! This update is the result of a lot of hard work by the repository team and many dedicated contributors. …


If you happen to visit my website, you may notice I’ve spruced it up a bit. can now better respond to your devices and preferences!

Here’s how to use CSS media queries and custom properties to improve your visitor’s browsing experience with just a few lines of CSS.

Catering to Color Preferences



Here’s how I lovingly built a subscription signup flow with email confirmation that doesn’t suck. You can too.

Introducing Simple Subscribe

If you’re interested in managing your own mailing list or newsletter, you can set up Simple Subscribe on your own AWS resources to collect email addresses. This open source API is written…


Setting up new Wi-Fi? Picking the type of password you need can seem like an arbitrary choice. After all, WEP, WPA, WPA2, and WPA3 all have mostly the same letters in them. A password is a password, so what’s the difference?

About 60 seconds to billions of years, as it…

Readers of my blog typically know more about technology and cybersecurity than most people. This article is for most people. If someone you know could benefit from a simple and straightforward cybersecurity starter pack, please share this article with them — it benefits everyone!

My articles are evergreen, but this…

Most people know that a VPN is meant to protect your privacy on public or open Wi-Fi. A lesser-known purpose is to protect your privacy right in your own home, from your own internet service provider (ISP).

A set of Federal Communications Commission (FCC) rules entitled “Protecting the Privacy of…


If you regard writing tests as a lame checkbox task, nothing could be farther from the truth. Done correctly, tests are one of your application’s most valuable assets.

The Django framework, in particular, offers your team the opportunity to create an efficient testing practice based on the Python standard library…

Victoria Drake

Director of Engineering. Core maintainer, OWASP Web Security Testing Guide. Only a small slice of my posts are here. Get the full pie 👉
