A collection of 10 posts
(AppSec) Bloke On Film!
I've now done a few public talks, and finally I can prove it.
Killing Bad Encryption
If you run a website, early TLS is bad. If you run a payment service, early TLS is about to be outlawed. Read on.
If You Make It, Don't Forsake It
When you build something, you want it to stand the test of time, right? In this post, I'll examine why that actually doesn't always happen.
Patch All The Things
In this post, I'll argue the case for ensuring that, as far as is physically possible, systems and their underlying platforms and infrastructure are kept up to date.
Monitoring the Baddies
In this post, I provide some insight into how I keep tabs on the bad actors hitting up the web applications I care about.
Using components with known vulnerabilities
In this post, I talk about how using components in your technology with known vulnerabilities can really hurt you.
The (Great) Web Application Firewall
In this post I talk about our experimentation with web application firewalling, the subsequent implementation and what we might do in the future.
Dynamic Application Security Testing
In this post, I talk about dynamic application security testing and why Netsparker is my weapon of choice.
OWASP, My Membership And Why I Value It
In this post, I talk about OWASP, how it's changed web application security where I work, why I became a member and find it important.
AppSec Basics - Still Overlooked
The message I'm trying to get over in this post is that there are some very common problems other than injection out there that could lead to some pretty disastrous outcomes, and in fact most of them are easy to fix.