pdp pointed out Joe Walker's slides on the matter. They are clear and beautiful and I've embedded them below. I think this complements the "Web Hacking 2.0" post quite nicely.
The Towelie Encryption Principle states:
Encryption should be implemented as high up the application stack as possible.
The Underground Fortress Effect
The underground fortress effect is a description of encryption's ability to enforce access controls/authorisation at the layers of the application stack below the layer at which they are defined.
Following from our win on the risk management consulting front, Forrester just named us the best security consultants. The South African firm contributed one fifth of the client work to this. Gosh, I do like being on top ;)
Deloitte Is A Leader In Security Consulting With Solid Depth And Global Reach
Deloitte has the largest pool of security consultants in the market, and its global reach includes engagements in more than 100 countries. Security, privacy, and information risk management services within the company are integrated into a single enterprise framework, with a mature perspective focused on client value. In our evaluation, Deloitte's current security offering and market presence took the top spot among all other service providers, although its market strategy score slightly trailed its close rival. Its focus on risk management and privacy and its willingness to invest in R&D activities make it an excellent choice for those looking for technology expertise coupled with sound strategic advice and strong business orientation. Deloitte brings a pragmatic and mature perspective and is best suited for medium- and large-scale, integrated projects requiring information risk management and security services.

