On the Usefulness of Penetration Testing Methodologies

Let’s imagine for a moment how the “bad guys” are planning their attacks. In the dark basement with cyber-punk posters covering the graffiti on the walls, with a bunch of half-assembled computers lying here and there, malicious hackers gather around the poorly lit table to decide what version of a Black Hat Attack Methodology to…

Leveraging the Strongest Factor in Security (Part II)

Since I wrote the first part of this post in May, several related articles have appeared in different well-known online resources. The most notable of them, in my opinion, is this piece on Fortune that is trying to bridge infosec and business as many tried (and mostly failed) before them. You don’t have to read…

Leveraging the Strongest Factor in Security (Part I)

In January 2013, Gary McGraw wrote an excellent piece on 13 secure design principles that summarize the high-level ideas any security engineer or architect should be familiar with in order to be called so. Dr. McGraw is of course that smart gentleman from Cigital who wrote the “Software Security” book, records the “Silver Bullet” podcast,…