I tend to operate in accordance with the four principles of Cigital‘s recent Agile Security Manifesto. [su_pullquote align=”right” class=””]NOTE: I cannot state whether I’ve employed Cigital professionally but I have had interaction with them in my career.[/su_pullquote] These principles align with security governance, education and scaling throughout an organization versus roles in security domains taking on… Continue reading Cigital’s Agile Security Manifesto
If you haven’t yet heard of the SSLv3 protocol exploit then where have you been and how can you sleep at night. Surely someone ran past you yesterday (Tuesday 10/14/14) with his hair on fire, screaming about graceful degradation of protocols. You can read about the POODLE exploit process any number of places… Continue reading Brother Can You Spare a Protocol?
Given enough adoption of secure policies and frameworks and a threat agent with adequate resources, access and motivation any control/countermeasure/safeguard can be overcome. This means that a sufficiently motivated and backed threat agent (nee “hacker”) can defeat any one (and in multiple cases, any) security controls put in place. Key takeaway: If you want… Continue reading APT – Advanced, Persistent Threat