Ideas and Opinions from the Trenches
There are lots of ways we can optimise what we do, through a data driven approach, but we need to be careful and use critical and creative thinking.
Recently Published
Games with Purpose - Nov 2022
Some interesting security and creativity games plus a few more
Threat Modeling Remotely with Miro and EoP
Threat modeling with teams is a process that requires visuals, interaction between team members and discussion and so lends itself to everyone being in a room together. This has been quite hard the last two years. It also doesn’t look to be getting any easier, so we should probably get used to it. Here’s how I’ve been doing it with several teams.
CAPEC-STRIDE Mapping
Mapping between the Common Attack Pattern Enumeration and Classification (CAPEC) from Mitre and the S.T.R.I.D.E. Categories used in Threat Modeling.
OWASP - Application Security Awareness Campaigns
I’ve just launched the first OWASP Application Security Awareness Campaign with 11 Posters of the OWASP Top Ten 2021 project.
Calculating Risk Across Project Real-estate using Graph Analysis
Prioritising remediation of vulnerabilities based on effective impact and risk using PageRank.
Python3 Notes
This is just a collection of notes I’ve made over a period of time to remind me of certain commands or syntax. I will continue adding to this over time. I’m also going to add my Natural Language Processing notes and Machine Learning Notes in a couple of other articles.
Introduction to SAML for Managers
SAML allows your users to be authenticated and authorized without direct interaction with your web site. It does this by creating a trust relationship between the site and a trusted third party who vouches for the identity of the user. This article explains both how this happens and what the additional benefits are.
Introduction to Kerberos for Managers
What is Kerberos? It is an authentication mechanism...