Posts


The shared responsibility model is one that many have not grasped well. Let’s look at the responsibilities of each party.


A lack of captchas is a risk, but so are captchas themselves…


Not being able to introspect your application at any given time, or to know its health status, is not a comfortable place to be in, and there is no reason you should be there.


This is where A9 (Using Components with Known Vulnerabilities) of the 2013 OWASP Top 10 comes in. We are consuming far more free and open source libraries than we ever have before. Much of the code we pull into our projects is never intentionally used, but it still adds attack surface. In this post we address the risks and countermeasures.
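To make the "surface area you never intentionally used" point concrete, here is an added example (not code from the original post) that flattens a package-lock.json dependency tree, separates direct from transitive packages, and matches every package against an advisory list. The lockfile, the package names and versions, and the advisory identifiers are all constructed for illustration; the version comparison is a simple dotted-numeric compare rather than full semver.

```python
"""Inventory a package-lock.json tree and match it against known advisories.

Added example, not code from the original post. The lockfile and the
advisory list below are constructed inline; package names, versions and
advisory identifiers are hypothetical.
"""
import json

# Constructed package-lock.json (lockfileVersion 1 layout: nested "dependencies").
LOCKFILE = json.loads("""
{
  "name": "example-app",
  "lockfileVersion": 1,
  "dependencies": {
    "web-framework": {
      "version": "4.2.0",
      "dependencies": {
        "body-parse-lib": {
          "version": "1.0.3",
          "dependencies": {
            "deep-merge-lib": {"version": "0.9.1"}
          }
        },
        "cookie-lib": {"version": "2.1.0"}
      }
    },
    "logger-lib": {"version": "3.0.0"}
  }
}
""")

# Constructed advisory list: package, first fixed version, hypothetical identifier.
ADVISORIES = [
    {"name": "deep-merge-lib", "fixed_in": "1.0.0",
     "id": "EXAMPLE-2015-001", "title": "prototype pollution"},
    {"name": "cookie-lib", "fixed_in": "2.0.0",
     "id": "EXAMPLE-2014-007", "title": "signature bypass"},
]


def parse_version(v):
    """Turn '1.2.3' into (1, 2, 3) so tuples compare numerically, not lexically."""
    return tuple(int(p) for p in v.split("."))


def flatten(deps, depth=0, path=()):
    """Yield (name, version, depth, path) for every package in the nested tree.

    depth 0 is a direct dependency; anything deeper was pulled in transitively.
    """
    for name, info in deps.items():
        here = path + (name,)
        yield name, info["version"], depth, here
        yield from flatten(info.get("dependencies", {}), depth + 1, here)


def inventory(lock):
    return list(flatten(lock.get("dependencies", {})))


def attack_surface(lock):
    """Count direct vs transitive packages: both ship with the application."""
    items = inventory(lock)
    direct = sum(1 for _, _, depth, _ in items if depth == 0)
    return {"direct": direct, "transitive": len(items) - direct, "total": len(items)}


def known_vulnerable(lock, advisories):
    """Return packages whose version is below the first fixed version of an advisory."""
    by_name = {a["name"]: a for a in advisories}
    hits = []
    for name, version, depth, path in inventory(lock):
        adv = by_name.get(name)
        if adv and parse_version(version) < parse_version(adv["fixed_in"]):
            hits.append({
                "package": name,
                "version": version,
                "advisory": adv["id"],
                "title": adv["title"],
                # The path shows which direct dependency dragged the package in.
                "path": " > ".join(path),
            })
    return hits


if __name__ == "__main__":
    print(attack_surface(LOCKFILE))
    for hit in known_vulnerable(LOCKFILE, ADVISORIES):
        print(f"{hit['advisory']}: {hit['package']}@{hit['version']} via {hit['path']}")
```

In the constructed tree only two of the five packages were chosen by the developer; the vulnerable one sits two levels down, which is exactly where a manual review rarely looks. cookie-lib is listed in an advisory but is already at a fixed version, so it is correctly not reported.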


The following is the process I found to set up pass-through of the very common TP-LINK TL-WN722N USB Wifi adapter (which is known to work well with Linux) to a Kali Linux 1.1.0 guest (the process is the same for 2.0), bypassing the Linux Mint 17.1 (Rebecca) host.


All of the following offerings I’ve evaluated target different scenarios. I’ve listed the pros and cons of each and where I think it fits into a potential solution for monitoring your web applications (I’m leaning toward NodeJS) and making sure they keep running.


The best time to install a HIDS is on a fresh install, before you open the host up to the internet, or even to your LAN if it’s corporate. Of course, if you don’t have that luxury, there are a bunch of tools that can help you determine whether you’re already owned. Be sure to run one or more of them over your target system before your HIDS takes its baseline of it.
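Why the order matters: a HIDS only ever reports differences from whatever it first recorded. The added example below (not code from the original post or from any HIDS product) implements the core of a file-integrity HIDS, a SHA-256 baseline and a check against it, and then demonstrates the failure mode the paragraph warns about: a baseline taken after the host was tampered with reports the tampered files as clean. The directory tree, the stand-in "binary" and the "backdoor" file are all constructed in a temporary directory.

```python
"""Minimal file-integrity baseline and check, in the style of a HIDS.

Added example, not code from the original post or from any HIDS product.
All paths and file contents are constructed in a temporary directory.
"""
import hashlib
import os
import shutil
import tempfile


def hash_file(path):
    """SHA-256 of a file, read in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(root):
    """Record the hash of every regular file under root, keyed by relative path."""
    db = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            db[os.path.relpath(full, root)] = hash_file(full)
    return db


def check(root, db):
    """Compare the tree with a baseline; returns changed, added and removed paths."""
    now = baseline(root)
    return {
        "changed": sorted(p for p in db if p in now and now[p] != db[p]),
        "added": sorted(p for p in now if p not in db),
        "removed": sorted(p for p in db if p not in now),
    }


def demo():
    """Baseline a clean tree, tamper with it, then show a late baseline hides the tampering."""
    root = tempfile.mkdtemp(prefix="hids-demo-")
    try:
        bindir = os.path.join(root, "bin")
        os.makedirs(bindir)
        # Constructed stand-in for a system binary on the fresh install.
        with open(os.path.join(bindir, "ls"), "wb") as f:
            f.write(b"#!/bin/sh\nexec /bin/ls \"$@\"\n")
        clean_db = baseline(root)  # taken BEFORE the host is exposed

        # Attacker trojans the binary (hiding its own files, as a rootkit would)
        # and drops an extra file.
        with open(os.path.join(bindir, "ls"), "wb") as f:
            f.write(b"#!/bin/sh\n/bin/ls \"$@\" | grep -v rootkit\n")
        with open(os.path.join(root, "backdoor"), "wb") as f:
            f.write(b"evil")

        # A baseline from the clean state catches both.
        result_clean = check(root, clean_db)

        # Too late: baselining the already-owned host makes the tampering the norm.
        late_db = baseline(root)
        result_late = check(root, late_db)
        return result_clean, result_late
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    before, after = demo()
    print("baseline taken on clean install :", before)
    print("baseline taken after compromise :", after)
```

The second result is the trap: the trojaned binary and the dropped file are both in the late baseline, so every subsequent check passes. That is why the paragraph says to run rootkit checkers first if the host was not freshly installed, and why a real HIDS stores its baseline somewhere the host cannot rewrite.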


As part of the ongoing work on preparing a Debian web server to host applications accessible from the WWW, I did some research and analysis, made decisions along the way, and implemented a first-stage logging strategy. I’ve done similar set-ups many times before, but thought it worth sharing my experience so everyone can learn something from it and/or provide input, recommendations and corrections to the process, so we all get to improve.


With this set-up, we’ve got one-to-many Linux servers in a network that all want to be synced with the same upstream Network Time Protocol (NTP) server(s) that your router (or whatever server you choose as your NTP authority) uses.
