Securing Social / Locking Login / Armoring Authentication
Authentication might be the single biggest hazard for web security over the next decade. It's not that the fundamentals of authentication are particularly challenging; we've understood the basic principles behind password management, push-based authorization, and device certificates for some time ... Read More
Composing Defences: The Case for Building Defence in Height
Often, in the information security community, we bandy about terms like “defence in depth” or “layered defences.” Most of the time, it’s just a platitude for “buy more stuff.” It’s worth exploring the way these terms evolved, and how we should think about defensive architectures in the world defined not ... Read More
