Security
Introduction
Information security has taken a high profile in recent years, and rightly so, as it has a bearing on all of us. This website is intended to provide a guide for IT professionals to understand the key issues around security, and it is hoped to be useful to a wider audience. It also aims to provide particular detail to anyone involved in developing and operating web applications. more...
Desktop
Keeping a workstation secure is a major challenge when it's used to browse the Internet, open documents sent by email, and do all the day-to-day things that make a computer useful. At present, this activity carries a high risk of compromise; determined attackers are generally able to compromise desktops. This is very much a front line in the security battle. more...
Data Theft
Many organisations handle people's personal data in bulk, and it can be stolen by malicious employees, leaked by accident, or disclosed through hacking attacks. The ability of criminals to use this data for fraud and identity theft makes it a common target. more...
Infrastructure
Traditionally this was the front line of security, but in recent years, network software (such as web and email servers) has greatly improved in security, and defences like firewalls are widely deployed. As such, infrastructure attacks like worms are much rarer. more...
Web Applications
Security on the web is relatively immature, and not widely embedded in development processes. With so many teams building web applications, and these performing critical functions such as online banking, this is a major avenue of attack. more...
Cloud data
Cloud applications have an important security responsibility to keep tenants' data separate. This can be difficult to implement, resulting in parameter tampering vulnerabilities. This page discusses an approach to enforcing privilege separation, which could reduce coding errors. more...
© 1998 - 2012 Paul Johnston, distributed under the BSD License. Updated: 09 Dec 2012