Since 1999

Cybersecurity Category

Covering all aspects of security, threats, and best practices.


Engine Yard's 17 Rails Security Tips

Read More »


Troubling ISP Privacy Repeal: The Data Will be Breached

With a green light from Congress & President Trump, your ISP may begin some really creepy business practices that endanger your family's privacy and security.

Read More »


Breach Prevention for Developers Talk at Kennesaw State University

As an information security professional, it’s critical to know something about how custom web applications are developed and the impact that has on application security.

Read More »


Intro to App Sec Podcast Interview

Frank was the guest on the August 29, 2016, Intro to App Sec Episode of the Advanced Persistent Security podcast. Listen here.

Read More »


The MongoDB hack and the importance of secure defaults

If you have a MongoDB installation, now would be the time to verify that it is secure. Tim Kadlec has written a must read post.

Read More »


28th Anniversary of the Morris Internet Worm

Read More »


Bad Password Practices are Responsible For Most Data Breaches. You Can do Better.

Verizon DBIR says 61% of data breaches are the result of bad password practices. Your app can avoid some of the pitfalls with a few precautions, especially using slow hashes and 2FA.

Read More »


It is not just one iPhone, the FBI wants a future where it is impractical to deploy strong encryption without key escrow

The FBI wants a future where it is illegal or impractical to deploy strong encryption without key escrow, which is a key backup system that is insecure at scale. Data breach risks will increase as our devices become less secure.

Read More »


What is the difference between bcrypt and SHA256?

TL;DR; SHA1, SHA256, and SHA512 are all *fast hashes* and are bad for passwords. BCRYPT is a *slow hash* and is good for passwords. Always use slow hashes, never fast hashes.

Read More »


Ruby Application Security Talk Featured in Ruby Weekly Issue # 268

Read More »