The 10 Immutable Laws of Security

Back in 2011 Microsoft published the latest version of their 10 immutable laws of security. This list provides a succinct set of ideals that every infosec or sysadmin practitioner should endeavour to follow. Sadly the article (and its predecessor) have since been removed, so I’ve decided to re-publish them with some additional information on each…

Hardening Website Security – Part 3: Website Database Security

Introduction It feels like almost every week there’s another news item about personal information being stolen because yet another company’s website got hacked. Most of these attacks are perpetrated through social engineering, persuading somebody to hand over some detail which allows the hacker to gain additional privileges and, eventually, access to personal information. However, a…

Hardening Website Security – Part 1a: HSTS Preloading

In part 1 of this series of articles we described the HSTS header “Strict-Transport-Security”. This header is used to tell the clients web browser that HTTP Strict Transport Security mode should be enabled so that the browser should remember that this website only uses HTTPS and should not accept any unencrypted traffic.