How much should you spend on an external PenTest?

External Penetration Tests today come in all shapes and sizes, from the rudimentary highly automated scanning to the more detailed and human-driven PenTests, with often widely ranging costs to boot (3 to 4 times difference is not unusual for essentially the same thing). Sometimes it’s difficult to work out what form of external PenTest is[…]

Cyber Crime

Encrypt Email addresses at Rest

It seems not a day goes by without some major data breach occurring on business systems. Anywhere from a few thousand records to many millions at a time, containing information ranging from names, addresses, telephone numbers, dates of birth and account details, etc. One thing I have noticed, that seems to be a constant throughout[…]

Will the last AU based start-up please turn off the light?

It appears the Australian Federal Government is determined to do a Thelma & Louise and literally drive off a cliff into the abyss over truly mindless and ill-conceived legislation as concerns encryption, privacy and security. It has the potential to make us totally uncompetitive in global information technology markets and cut off at the knees a fledgling[…]

Systems Architecture & Security, winning at both

Online systems need to be both secure and designed to last, so how can you achieve both and not blow the budget? This article covers a few simple principles you can adopt which are both good for your systems architecture and good for your security. #1 System Components should only do what they say on[…]

Common Security Mistakes That Business Website Owners Make & How to Avoid Them

Cybercriminals and Internet fraudsters are singling out e-commerce sites and blogs of small businesses for their unscrupulous attacks. Nevertheless, as a business website owner, you can enact some simple precautions to thwart the evil designs of these unwanted intruders. The “Fort Disco” Botnet’s Brute-Force Tactic Both small business networks, as well as their websites, are[…]

Hackers want your business website data!

According to reports (see here & here), hackers are becoming a lot smarter in how they attack websites. Rather than trying to individually attack each website they have recognised that standard frameworks are being used to create and maintain websites and thereby making it somewhat easier to attack a whole class of websites ‘en masse’[…]