Defense in Depth: It’s for Programmers, Too!
“But we took care of that before, didn’t we?” asked a participant in a web application security course I taught recently. It was a good, logical question. We were discussing “SQL injection,” a process where an attacker enters database commands into a website field – in, say, a forum or comment section – that could […]
Distinguishing and Combating DDoS Attacks
Cyber Attacker, Brian Krebs, wrote an article criticizing criminals who use DDoS (or Distributed Denial of Service) for extortion. They flood your servers with traffic. This makes them inaccessible to your intended audience. After a few hours of attack you receive a message explaining how you can pay to make it stop. Soon after his […]
How to Instill Cyber Security Across the Organization
“A chain is only as strong as its weakest link.” “What a cliché!” you say. Well, it became a cliché for a reason. People keep saying that because it does describe many situations. It’s a useful way of thinking about the world. In cyber security, we have a crucial security chain with links forged from […]
How to Build Resilience in Critical Infrastructure
Back to Chemistry Class No matter what area of engineering you study, chemistry will be involved. The whole world is made out of chemicals, after all. One of the more interesting sections of my chemistry classes was part of a semester on metallurgy. Some was what you would think of as classical chemistry: the proportions […]