I've now done a few public talks, and finally I can prove it.
If you run a website, early TLS is bad. If you run a payment service, early TLS is about to be outlawed. Read on.
When you build something, you want it to stand the test of time, right? In this post, I'll examine why that actually doesn't always happen.
In this post, I'll argue the case for keeping systems and their underlying platforms and infrastructure as up to date as is physically possible.
In this post, I provide some insight into how I keep tabs on the bad actors hitting up the web applications I care about.
In this post, I talk about how using components in your technology with known vulnerabilities can really hurt you.
In this post I talk about our experimentation with web application firewalling, the subsequent implementation and what we might do in the future.
In this post, I talk about dynamic application security testing and why Netsparker is my weapon of choice.
In this post, I talk about OWASP, how it's changed web application security where I work, why I became a member and find it important.
The message I'm trying to get across in this post is that there are some very common problems other than injection out there that could lead to some pretty disastrous outcomes, and in fact most of them are easy to fix.