Business threat modeling
These are dangerous times for a business. Every day brings another threat. The sub-prime crisis, the crash of world financial markets, the price of oil (going way up and now going down again), an impending crash of the US sub-prime credit card market (like how long can you charge 35% over-the-top interest rates?), […]
To write secure code, you do have to think like an attacker
A security checklist for a developer might make it look like writing secure code is kid’s stuff, but even kids think like attackers sometimes. Microsoft are doing some interesting work on SDL – Secure Development Lifecycle. I’m just not sure I agree with dumbing it all down to a checklist and letting developers work without […]
How many text editors do you know?
Please don’t say you do everything in vi. I returned Friday from a business trip on a data loss prevention project with a client in Poland and I realized it has been a while since I posted to my blog. Totally off topic from data leakage prevention and software security, I just won a small […]
Automated hacking of Joomla Web sites
A lot has been written about Google-aided automation of hacking. There is little I can add to this topic besides some personal and practical advice. If you’re running Joomla 1.5 you may have noticed queries of the sort “powered by joomla .domain_name_extension” in your Apache access.log file. It’s almost certain you’ll find a few of […]