Category Archives: Blog

Security done wrong and blowing the budget…how not to secure your business

December 22, 2017 / by

The State of Cyber Security: We don’t want a 15-year-old breaching our systems, stealing data and taking 13% off our share price as a result… hmm, I think not. If I wanna be hacked the hacker has got to be elite and like an uber hacker, right!! It is strikingly obvious that security is still weak for both […]


Risk – Medieval approaches to AppSec

December 22, 2017 / by

Vulnerability management involves a little more than finding security issues in code and/or hosting systems… I find that much of the industry does not understand that vulnerability management, penetration testing, threat detection, endpoint detection, malware prevention and even anti-virus services and tools are about managing risk. Managing risk is about reducing it to a suitable level […]


AngularJS and forms security & design

July 24, 2015 / by

Overview: Rich internet applications make use of the powerful features that new web browsers come equipped with. The web has come a long way since the dull, stateless server content generated HTML pages of the ’90s. Today it is possible to interact with almost any webpage, thus opening a myriad of possibilities to the user […]


Rails SQL injection gotchas

December 30, 2014 / by

In this post we’re gonna look at some places where it is possible to inject arbitrary SQL commands into active record queries in Ruby on Rails. ActiveRecord has pretty good protection against SQL injection, so much so that sometimes I think it lulls us into a false sense of security. We’re pretty well protected by […]
