- Introduction
- Information security has taken a high profile in recent years, and rightly so, as it has a bearing on all of us. This website is intended to provide a guide for IT professionals to understand the key issues around security, and it is hoped to be useful to a wider audience. It also aims to provide particular detail to anyone involved in developing and operating web applications. more...
- Desktop
- Keeping a workstation secure is a major challenge when it's used to browse the Internet, open documents sent by email, all the day-to-day things that make a computer useful. At present, this activity carries a high risk of compromise; determined attackers are generally able to compromise desktops. This is very much a front-line in the security battle. more...
- Data Theft
- Many organisations handle people's personal data in bulk, and it can be stolen by malicious employees, leaked by accident, or disclosed through hacking attacks. The ability of criminals to use this data for fraud and identity theft makes it a common target. more...
- Infrastructure
- Traditionally this was the front line of security, but in recent years, network software (such as web and email servers) has greatly improved in security, and defences like firewalls are widely deployed. As such, infrastructure attacks like worms are much rarer. more...
- Web Applications
- Security on the web is relatively immature, and not widely embedded in development processes. With so many teams building web applications, and these performing critical functions such as online banking, this vector poses a major avenue of attack. more...
- Cloud data
- Cloud applications have an important security responsibility to keep tennants' data separate. This can be difficult to implement, resulting in parameter tampering vulnerabilities. This page discusses an approach to enforcing privilege separation, which could reduce coding errors. more...
