The Defence in Depth Security Model Explained

The Defence in Depth Security Model is one of those security concepts I often see incorrectly implemented or not used to its full potential to protect services or systems. There is way more to it than first meets the eye. In this article you will learn: What is the Defence in Depth Security Model? The […]

Cyber Security

How much should you spend on an external PenTest?

External Penetration Tests today come in all shapes and sizes, from the rudimentary highly automated scanning to the more detailed and human-driven PenTests, with often widely ranging costs to boot (3 to 4 times difference is not unusual for essentially the same thing). Sometimes it’s difficult to work out what form of external PenTest is […]

Cyber Crime

Encrypt Email addresses at Rest

It seems not a day goes by without some major data breach occurring on businesses' systems. Anywhere from a few thousand records to many millions at a time, containing information ranging from names, addresses, telephone numbers, dates of birth and account details, etc. One thing I have noticed, that seems to be a constant throughout […]

Will the last AU based start-up please turn off the light?

It appears the Australian Federal Government is determined to do a Thelma & Louise and literally drive off a cliff into the abyss over truly mindless and ill-conceived legislation as concerns encryption, privacy and security. It has the potential to make us totally uncompetitive in global information technology markets and cut off at the knees a fledgling […]

Systems Architecture & Security, winning at both

Online systems need to be both secure and designed to last, so how can you achieve both and not blow the budget? This article covers a few simple principles you can adopt which are both good for your systems architecture and good for your security. #1 System Components should only do what they say on […]

Common Security Mistakes That Business Website Owners Make & How to Avoid Them

Cybercriminals and Internet fraudsters are singling out e-commerce sites and blogs of small businesses for their unscrupulous attacks. Nevertheless, as a business website owner, you can enact some simple precautions to thwart the evil designs of these unwanted intruders. The “Fort Disco” Botnet’s Brute-Force Tactic Both small business networks, as well as their websites, are […]

Hackers want your business website data!

According to reports (see here & here), hackers are becoming a lot smarter in how they attack websites. Rather than trying to individually attack each website, they have recognised that standard frameworks are being used to create and maintain websites, thereby making it somewhat easier to attack a whole class of websites ‘en masse’ […]