There are many design principles that can help make applications more secure. Some of these principles are: – Use strong authentication and authorization controls. – Encrypt all data in transit. – Use the least privilege principle when designing access control policies. – Never store sensitive information in plain text. – Harden systems and keep them up… Continue reading Secure Design Principles
Security Tools and Resources
Security Resources: Common Weakness Enumeration (CWE). The CWE is a “list of software weaknesses.” It catalogs and defines types of vulnerabilities so that these can be easily discussed and addressed. The Common Weakness Enumeration (CWE) includes examples of code that have each been identified as having a specific software weakness. The CWE is sponsored by…
Developer Security Behaviors to Follow for Safe, Secure Websites
Developers are under constant pressure to release features and updates as quickly as possible. However, in their haste to meet deadlines, many developers neglect to follow basic security behaviors, which can leave their websites vulnerable to attack. In this blog post, we will discuss 7 developer security behaviors that you should always follow for safe…
How to Deal with SQL Injection and XSS Attacks in Your Web Applications
Web application interfaces are especially vulnerable to SQL injection and XSS attacks. SQL injection and Cross-Site Scripting (XSS) are among the most common attacks on web applications. In this blog post, we will discuss how to deal with these attacks and how to protect your web applications from them. We will also provide…
DevOps Security Handbook
I have decided to start writing a handbook on DevOps Security Practices and release it for free right here on my blog. Eventually, it may be released in print; however, at present my intention is to have this be a practical resource for DevOps Engineers in their day-to-day jobs, and it makes sense…
The start of a new journey
I’ve taken the leap and will be joining a new team soon. After 7 years it’s time for a fresh start. Who knows where the road will lead; however, I can guarantee that it will be interesting.
The pillars of the AWS Well-Architected Framework
Operational Excellence: The ability to support development and run workloads effectively, gain insight into their operations, and to continuously improve supporting processes and procedures to deliver business value.
Security: The security pillar describes how to take advantage of cloud technologies to protect data, systems, and assets in a way that can improve your…
Understanding Layer 7 and Layer 4
Layer 7: Layer 7 is a term used to refer to the seventh and highest layer of the seven-layer Open Systems Interconnection (OSI) reference model for computer networking. The OSI model is a method of describing how data moves between two networked devices. This layer, also known as the application layer, supports end-user applications and…
How to secure an application
How would you secure an application? A handy checklist of things to do. There are some simple ways to secure an application on a server. The first thing you should do is set up a proper firewall on your server if possible (NOTE: this may require root access or other administrative rights). You may need…
Migrating WordPress from Flywheel
A problem I encountered with a client site recently gave me a headache for a few days. It seems that Flywheel does some odd stuff with WordPress behind the scenes. When migrating from Flywheel, be sure to delete the symlinked upgrade folder; otherwise you will be unable to upgrade WordPress plugins or core files.