Security

The practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information.
May 31
TLS secures my data, right?

TLS is designed to encrypt data in transit between two endpoints; it performs no authorisation checks of its own, so any client that can complete a handshake can read whatever the server sends it.
Sep 01
PCI DSS - Are AWS KMS and CloudHSM suitable?

A look into the suitability of AWS KMS and CloudHSM for use with workloads in-scope of PCI DSS. Who owns
Jan 16
Australia - Where Compliance and Regulation Obligations are Unlawful

The Australian Government's controversial encryption bill passed the Senate [https://www.abc.net.au/news/2018-12-06/labor-backdown-federal-government-to-pass-greater-surveillance/10591944]
Jan 07
Exploiting Orphaned Webserver Files

> Detect as a means to defend

The idea of this attack is to identify old dependencies with known exploits.
Jan 04
Preparing for Independent Penetration Testing

White box: Commonly used by organisations after a black box pentest to validate controls, or as an assurance to the
Oct 06
Information Security strategy tips for startups

Information Security is a broad-reaching area of concern for your business. In the enterprise world a large component of
Aug 04
Vendor attestations prove nothing about your systems

Over the years I've been tasked to implement controls as a developer or self-assess and design controls that
Jun 16
ASD Essential Eight Mitigation Strategies to Detect Cyber Security Incidents and Respond

The Australian Cyber Security Centre (ACSC) has developed the Essential Eight, which are mitigation strategies that organisations can
Jun 06
Responding to a troll GDPR Subject Access Request - Australian/NZ Version

The General Data Protection Regulation (GDPR) guidance in this post is experience-based and your own response should be reviewed
Feb 18
GDPR compliance beyond Europe

GDPR comes into effect in May 2018 and one of the buzz phrases you might have heard is

> the