Uncategorized

How phishing negates your firewall

Your corporate firewall. That invulnerable bastion that lets you fearlessly run less-than-secure internal tools like a CRM, a Finance portal. But, is it really invulnerable? Or is it a paper wall at best? We look at how Cross-Site-Scripting vulnerabilities, known session ID cookies or access tokens can allow content from the world to pierce it as if it were not there. We do this using the weakest link: you.

Securing a web (site/app/api)

Ever wondered how to check how secure a site is (yours, another?). In this presentation I show how to do a simple assessment of security.

Free Your Applications: Ditch the IIS, Move Your .NET Apps To the Cloud. Safely. Securely. Simply

Your basement is full of servers running Microsoft IIS with .NET applications, chatting with local databases. You’ve read casually online about Cloud Native, Kubernetes, Containers, Docker. But this doesn’t apply to you, right? I mean, maybe in the future for new things,… Read More »Free Your Applications: Ditch the IIS, Move Your .NET Apps To the Cloud. Safely. Securely. Simply

Covert Exfiltration, Cloud Native

Your virtual-private-cloud private IP setup still has access to key API’s such as storage and messaging. Have you considered exfiltration through these?