Hardening Website Security – Part 3: Website Database Security

Introduction It feels like almost every week there’s another news item about personal information being stolen because yet another company’s website got hacked. Most of these attacks are perpetrated through social engineering, persuading somebody to hand over some detail which allows the hacker to gain additional privileges and, eventually, access to personal information. However, a…

Hardening Website Security – Part 1a: HSTS Preloading

In part 1 of this series of articles we described the HSTS header “Strict-Transport-Security”. This header is used to tell the clients web browser that HTTP Strict Transport Security mode should be enabled so that the browser should remember that this website only uses HTTPS and should not accept any unencrypted traffic.

Hardening Website Security – Part 1: HTTP Security Headers

Introduction It feels like almost every week there’s another news item about personal information being stolen because yet another company’s website got hacked. Most of these attacks are perpetrated through social engineering, persuading somebody to hand over some detail which allows the hacker to gain additional privileges and, eventually, access to personal information. However, a…

Separation of Duties in Software Solutions: A Case Study in Overcee

Separation (or Segregation) of Duties in business and Information Technology is a great internal process which describes restricting the power of any one individual in order to combat mistakes and fraud. R. A. Botha and J. H. P. Eloff in “Separation of Duties for Access Control Enforcement in Workflow Environments” describe SoD as: Separation of…

Understanding Overcee Permissions

Introduction Overcee is about delegation, we want you to use it empower your Service Desk, and to achieve this we have developed an incredibly powerful permissions system so that you control who can do what. Unfortunately, with great power comes great complexity (or something like that), and it would be all too easy to make…