The 10 Immutable Laws of Security

Back in 2011 Microsoft published the latest version of their 10 immutable laws of security. This list provides a succinct set of ideals that every infosec or sysadmin practitioner should endeavour to follow. Sadly the article (and its predecessor) have since been removed, so I’ve decided to re-publish them with some additional information on each…

Hardening Website Security – Part 3: Website Database Security

Introduction It feels like almost every week there’s another news item about personal information being stolen because yet another company’s website got hacked. Most of these attacks are perpetrated through social engineering, persuading somebody to hand over some detail which allows the hacker to gain additional privileges and, eventually, access to personal information. However, a…