I recently covered a few sections from the Verizon Data Breach Investigations Report (take a look if you haven’t already).  I also mentioned another one of my favorites, the WhiteHat Security Website Security Statistics Report.  This report gives an insightful overview of a constantly evolving and frequently targeted attack vector, web applications.  Ignoring my strong […]

For those of you who are new to the topic, multi-factor authentication is a security system that requires more than one method of authentication from different categories in order to verify the identity of a user.  MFA is becoming increasingly popular (if not necessary), especially when looking at the data presented in the Verizon Data […]

At this point, I think it’s a relatively well known fact that passwords should be hashed in storage.  If you or your development teams are storing passwords in plain text, the keys to every user’s kingdom are sitting there begging to be stolen.  Really, all it takes is one little SQL injection to expose every user’s password […]

I remember during my senior year of college the struggle and confusion surrounding where to start my career.  Luckily, I had a very helpful professor who gave me an overview of the different paths a security professional can take.  As I started my career, it became apparent that it wasn’t as simple as he explained. […]

If you haven’t had a chance to read through any of the 2015 reports yet, I’d highly suggest taking some time to do so.  The data presented in these reports is highly valuable to any information security professional, and it really gives a clear overview of how the field is changing year by year.  Two […]

I don’t know about you guys, but I’m constantly on Amazon looking for new books to read.  I’ve managed to acquire a decent collection of books and read through the majority of them.  I figured I’d share a few of my favorites, and give a little insight on each of them. The Web Application Hacker’s […]

Someone once said that “no security hole is too small”.  The longer you work in the information security field, the more relevant this becomes.  So many times, it’s been shown that the tiniest details can lead to massive data breaches.  The 2013 Target breach is a prime example.  Attackers first broke into Targets network on […]