Web Security is Like the Layers of an Onion

If you’ve ever peeled an onion, you’ve seen the multiple layers that make up its existence all the way to the core. Securing your Web presence requires the same approach and it’s called “layered security”. Also referred to as “defense-in-depth”, the layered web security approach…

Read more

Why You Need Intruder Lockout

It’s a very predictable web security flaw — in fact, it’s something I find in the majority of my web security assessments: the lack of intruder lockout on login pages. I know, with all the SQL injection and cross-site scripting present on the web, the…

Read more

Why people violate security policies

Many organizations have a formal set of information security policies covering everything from acceptable internet usage to security in software development to web application security. In fact, it’s hard to come across a business today that doesn’t have at least a policy or two in…

Read more