InfoSec: Killing Bad Encryption. If you run a website, early TLS is bad. If you run a payment service, early TLS is about to be outlawed. Read on.
AppSec: If You Make It, Don't Forsake It. When you build something, you want it to stand the test of time, right? In this post, I'll examine why that actually doesn't always happen.
InfoSec: Patch All The Things. In this post, I'll argue the case for ensuring that, as much as is physically possible, systems and underlying platforms and infrastructure are kept as up to date as possible.
AppSec: Monitoring the Baddies. In this post, I provide some insight into how I keep tabs on the bad actors hitting up the web applications I care about.
AppSec: Using Components with Known Vulnerabilities. In this post, I talk about how using components in your technology with known vulnerabilities can really hurt you.
AppSec: The (Great) Web Application Firewall. In this post, I talk about our experimentation with web application firewalling, the subsequent implementation and what we might do in the future.
AppSec: Dynamic Application Security Testing. In this post, I talk about dynamic application security testing and why Netsparker is my weapon of choice.
AppSec: OWASP, My Membership And Why I Value It. In this post, I talk about OWASP, how it's changed web application security where I work, why I became a member and why I find it important.
AppSec: AppSec Basics - Still Overlooked. The message I'm trying to get over in this post is that there are some very common problems other than injection out there that could lead to some pretty disastrous outcomes, and in fact most of them are easy to fix.