OSTERING

{OSTERIA}{RUNNING}

home | about

Recent Post

Threat Modeling Remotely with Miro and EoP

Threat modeling with teams is a process that requires visuals, interaction between team members and discussion and so lends itself to everyone being in a room together. This has been quite hard the last two years. It also doesn’t look to be getting any easier, so we should probably get used to it. Here’s how I’ve been doing it with several teams.

...

Application Security is More than Just Pen Testing

So often organizations believe that Application Security stops at penetration testing and fixing vulnerabilities but it is more than that, penetration testing is the reactive side of things but you also need the proactive aspects of Application Security to reduce the flow.

...

CAPEC-STRIDE Mapping

Mapping between the Common Attack Pattern Enumeration and Classification (CAPEC) from Mitre and the S.T.R.I.D.E. Categories used in Threat Modeling.

...

Python3 Notes

This is just a collection of notes I’ve made over a period of time to remind me of certain commands or syntax. I will continue adding to this over time. I’m also going to add my Natural Language Processing notes and Machine Learning Notes in a couple of other articles.

...

Introduction to SAML for Managers

SAML allows your users to be authenticated and authorized without direct interaction with your web site. It does this by creating a trust relationship between the site and a trusted third party who vouches for the identity of the user. This article explains both how this happens and what the additional benefits are.

...

Introduction to Kerberos for Managers

What is Kerberos? It is an authentication mechanism which involves three parties (it takes its name from the mythical creature that had three heads for this reason). Kerberos is a ticket based security protocol. Some Key Concepts Authentication This is the act of verifying you are who you say you are by checking your login credentials. Authorization This is the act of verifying that you have sufficient rights to access the system....

Three Brass Monkeys

In this article I’m going to talk about why we shouldn’t take security for granted, what practices should be part of our process and how the industry may move to enforce this.

...