Triaxiom Security
Partner with us to meet your Information Security needs.
How the Movie ‘300’ Applies to Information Security

This is officially blog number 300! Just to have some fun and learn a few lessons, let’s look at the movie ‘300’ and see if there are any lessons learned we can apply to information security. While this is more of a fun blog than anything else, there are a few nuggets we can take away […]

Quick Tip – Leave Passwords in the Database Where They Belong!

Today’s security quick tip is brought to you by some API penetration tests I’ve completed over the past few weeks. One of the things I’ve noticed more and more as organizations are developing and implementing APIs as part of their overall application infrastructure is the presence of “greedy” or overly verbose JSON objects in HTTP […]

Follow Up Post – Two Accounts for Administrators

Back in September, we wrote a blog on the importance of using two separate accounts for administrators, one user-level and one administrative. If you haven’t read it yet, it does a great job of explaining why it is necessary and why it’s a security best practice. The lower-level user account should have limited permission and […]

Security Incident Lessons Learned Checklist

Today we’re going to put a bow on our series covering different checklists for things you should be thinking about during each of the 5 primary phases of security incident response. We started with the identification phase and how to adequately capture information about a potential security incident to launch an investigation. We then covered […]

What is the CIA Triad?

Continuing in our key security concept series, this blog will look at the CIA Triad. If you haven’t been following, check out the other blogs in this series on nonrepudiation and dual control. The CIA Triad is one of the most important concepts in information security, as it should drive the actions we take. This […]

TikTok Security Implications

Prior to stay-at-home orders from COVID-19, the 800 million active TikTok users (out of the over 1 billion subscribed users) spent an average of 52 minutes per day on the app. The average user on this social media platform is between the ages of 16-24, and with all these teens stuck at home […]

© 2025 Triaxiom Security, a division of Strata Information Group, Inc. All rights reserved.