Compliance is not Security

Many folks get confused about the difference between security and compliance. Many, especially those less technically inclined, assume that fulfilling compliance obligations sufficiently addresses security. Unfortunately, that’s not true as demonstrated by the continuing rise of security breaches each year. In this post, I’ll briefly explain the difference between security ...
Silencing Firefox’s Chattiness for Web App Testing

Penetration Testing
Firefox is one chatty browser! Even if you don’t actually use it for anything, it’s constantly making requests out to the internet for things like updates, checking network status, and sending telemetry data back to Mozilla. When using Firefox for web app testing, I’ve often noticed the constant stream of ...
Checking Under the Bed

I’ve got four kids and part of their chores involve cleaning up their bedrooms. Inevitably, their understanding of “clean enough” never quite matches our expectations. Now I could just live with the fact that there will always be a huge mess under their beds, but that doesn’t serve the point ...
These Aren’t the Password Guidelines You’re Looking For

“You don’t need to see his identification.” It’s a classic line. With a flick of the wrist old Ben Kenobi deftly bypasses the identity & access management system of the poor Stormtroopers just doing their job. One would think, in that technological era, so long ago, that more advanced (and ...