An enthusiasts musings
Professional certification is a necessity in the IT industry. Tertiary education barely scratches the surface of the required skills in the broad range of career paths available to an IT graduate. Some career paths have many certification options available to them. With security being no exception, the problem is that security certifications are misunderstood and …
Continue reading “On security architecture and certification, part 1”
Check out my new resources page, where I plan on maintaining a list of useful resources for a professional or aspiring security architect. It is a work in progress, so don’t shoot it down just yet. As a rule though, I will be updating it with new things on a regular basis. Other than that, …
In my previous article, I briefly went over some of the default security testing options available in existing DevOps deployment tools. In this article, I will cover what can reasonably be included in the DevOps pipeline, and a few caveats faced by security engineers who are trying to add security testing into a fully automated …
[Part 2 of this article can be found here.] I recently did some work with a bunch of great automation engineers. My task was to assist them with adding some automation with respect to security testing. It was an awesome experience, but it left me feeling a bit worried about the continuous deployment world, as …
The WordPress framework makes it very convenient for website owners(both novice and experienced) to extend the core functionality by adding plugins. The trouble is, installing plugins could potentially increase the websites attack surface. In this post, I will discuss the reasons, and how to limit exposure. WordPress does a good job of securing its framework(the …
Over the last few years, WordPress has been the subject of much abuse. First from people of questionable intent, who may or may not disclose any security holes they find, and secondly from bystanders who comment on any disclosed vulnerabilities (of which there have been many). However, there are a few important things to note …
After updating my about page, a few readers have asked me what I got up to, and in which game. I spent many years playing on the local emulated Ultima Online “shards” (most of them). It has now been many years since I last roamed Britannia, but there are still many who do so. Thinking …
It has been 11 days since the public disclosure of a major bug in OpenSSL, known as Heartbleed. I have been asked about my thoughts by a few people(both technical and non-technical), and so I find myself writing this blog post. I must mention that security disclosures occur on a weekly(if not, daily) basis, but …
I have been deliberating since my last post as to what this post should consist of. I knew I wanted to do some domain and technology footprinting, but there is so much extra stuff that can be included in the post. I have decided to limit the scope, therefore not including the extras(these posts will …
The internet has seen many resources come and go since its inception, but where do these resources go when they are long forgotten? I stumbled across the answer(to a certain extent) a while back, and decided to share it. Archive.org is an internet library of web resources, and is a pretty cool website to play …