Defense-In-Depth Archives

The False Choice of Risk Versus Reach

by Don Bowman | 2020-06-06 | Defense-In-Depth, IT-Modernisation

Risk versus Reach. A false choice. We should not materially compromise security to reach more users.

Secure the Cookie!

by Don Bowman | 2020-06-02 | Defense-In-Depth, web app security

The humble cookie. So controversial. So complex to secure. If your web app must have them, you must secure them.

The browser was the accomplice

by Don Bowman | 2020-05-31 | Defense-In-Depth

You and your browser run inside a nice safe firewall. A firewall which doesn’t do what you think. Explore how the browser is the accomplice to the crime.

Zero Trust and the NTT Hack

by Don Bowman | 2020-05-30 | Defense-In-Depth

NTT Comm discloses a breach. Firewalls lead to false assurances, allowing wide open internal access.

Fixing the case of the Implicit Flow modification

by Don Bowman | 2020-05-29 | Defense-In-Depth, web app security

Meet Hank. Hank is a web application with a dark secret. It trusts you the user to not change things in the browser. Bad Hank. Learn how to fix it!

Why should I use Content-Security-Policy?

by Don Bowman | 2020-05-28 | Defense-In-Depth, web app security

The Content-Security-Policy headers exists to protect the users of your web site from the content they themselves might create.

The False Choice of Risk Versus Reach

Secure the Cookie!

The browser was the accomplice

Zero Trust and the NTT Hack

Fixing the case of the Implicit Flow modification

Why should I use Content-Security-Policy?

Recent Posts

Recent Comments

Archives

Categories