
May 12th, 2014

Comments: 0
Category: Uncategorized

Web Application Testing Workshop

We did our Workshop on testing Web Applications at Scottish Ruby Conf today. This took place at Crieff Hydro and was targeted at Ruby developers and other people who are keen on the language. It is the fifth year of the conference this year and Rory has taken part in all of them. The workshop […]

Apr 15th, 2014

Comments: 0
Category: Uncategorized

Open Source Responsibility

Unless you’ve been living under a rock for the last couple of days you will have noticed a bit of a kerfuffle about a vulnerability in OpenSSL. One of the more notable parts of this story has been the wide variety of large companies who have been seriously affected by the problem. This led me […]

Apr 2nd, 2014

Comments: 0
Category: Uncategorized

House of Cards

I was reading this post and I was thinking that this is another good example of the general theme in a lot of modern business and security. People will a lot of times neglect some of the “plumbing” of their website and not realise quite how important it is to their site’s security. In the […]

Mar 14th, 2014

Comments: 0
Category: Uncategorized

Why security is getting worse

I was doing a talk for the OWASP meeting in Glasgow the other day, which covered the OWASP Top 10. I had made the point that the Top 10 is largely the same now (in its 2013 iteration) as it was in its original iteration in 2003. Someone asked me a question based on that […]

Feb 27th, 2014

Comments: 0
Category: Uncategorized

For a certain definition of Secure….

Rory recently spoke at a conference about ‘cargo cults’ in security. To summarize, these are ‘security best practices’ which people follow, as a kind of religious belief without ever really thinking about whether they are really valid in the context of today’s threat landscape. We don’t just see these implemented by info sec policies – […]

Feb 21st, 2014

Comments: 0
Category: Uncategorized

Surface Pro as Server

Now having bought the Surface Pro 2 – I was at a bit of a loss to know what to use my original Pro for. It basically is a lovely device – but with a couple of ‘if at first you don’t succeed – call it version 1.0’ flaws. The worst of these is that […]

Feb 2nd, 2014

Comments: 0
Category: Uncategorized

Security Testing Windows Store Apps

Rory and I recently presented at Securi-Tay again. This was the third conference organized and led by the students on the ethical hacking course at Abertay University in Dundee. As usual it was well set up and attended and it is good to see that the professional Scottish testers of the future can arrange a […]

Jun 2nd, 2013

Comments: 0
Category: Uncategorized

Of Human Stupidity

For a number of years, I have felt that tech companies must be seriously lacking in acumen to take the policies they do with regard to their customers. Yesterday I noticed however that it is not restricted to tech companies, and it makes an interesting study in human stupidity to see this in operation. So […]

May 23rd, 2013

Comments: 0
Category: Uncategorized

Windows Azure Backup

I just configured the preview version of Windows Azure Backup. It is very nice looking and easy to use once you get it up and running – but the instructions to install it are difficult to find and a bit patchy. First you have to create a certificate for your vault. You use a utility […]

May 18th, 2013

Comments: 0
Category: Uncategorized

Your Framework Will Fail You – Part 2 – Network Controls

This post is part of a series based on a presentation I did for the Scottish Ruby Conference in May 2013 (part 1 here) which was around defense in depth and some of the controls companies should be looking at to help protect them when something goes wrong. The first segment to cover is Firewalling. Network firewalls […]