The GIAC GSE: The Grandmaster of Information Security Certifications
For anyone interested in Information Security certifications, the GIAC GSE one to keep on your mental radar. It’s a SANS certification (GIAC), but the trick…
Category: Mix
A Few Buddhist Ideas
The greatest achievement is selflessness. The greatest worth is self-mastery. The greatest quality is seeking to serve others. The greatest precept is continual awareness. The…
Meeting NIST API Security Guidelines with Wallarm
On March 25, 2025, NIST released the initial public draft of NIST SP 800-228, “Guidelines for API Protection for Cloud-Native Systems.” The document provides a…
Contemplating Confirmation Bias | Daniel Miessler
Image from weber.edu As I sit here at my allergist waiting on the all-clear after my shots, I’m thinking about something that’s been bothering me…
You asked, we answered: Q&A from The Future of AppSec webinar | Blog
Tom Ryder | 10 April 2025 at 14:33 UTC When we wrapped up our biggest-ever webinar, The Future of AppSec: PortSwigger’s Vision, the conversation was…
How Does One Explain SQL Injection to a Non-Techie?
Earlier today @mubix (Twitter) asked: Here’s my response: SQL Injection is like a telephone operator who has to phonetically relay verbal speech between two people…
The Difference Between CSRF and Clickjacking
This might be obvious to those most familiar with CSRF and Clickjacking, but for those just getting a handle on it, here’s a short explanation…
The Republicans Have Deliberately Chosen to Campaign on Emotion Rather Than Issues
It’s not that their logical arguments are slightly more emotional than democratic logical arguments; they’re actually purposely avoiding logic altogether. Emotion is simply far more…
Did You Know Notepad Could Do This?
Yeah, that Notepad. It has a feature that few know about, and I’m not talking about word wrap. You can actually use it as a…
Facism: “I Don’t Think That Word Means What You Think It Means.”
Many, especially in the blogsphere, are fond of saying, “This country is becoming fascist.” Or, “We’re on a path to fascism.” That sounds cool, and…
The Last Line of Defense Against Growing Cyber Threats
Every year, the number of vulnerabilities discovered and recorded increases. The sheer volume of vulnerabilities makes it impractical for organizations to patch everything, which is…
My Preferred Definition of Security
There is much debate in the information security world regarding the proper definition of security. I have seen dozens of definitions over the years, but…