Yes, I know. It has not been weekly. Since I last posted a lot of script kiddies populated my logs but not with anything all that interesting. Until today.
In a rare occurrence for me, I am continuing my series of watching hack logs. You can check out all the episodes here: HOTW For this episode I am pulling out an older record because I think it was rather clever.
Reviewing your logs is an important part of maintaining good system security. One log I watch on a constant basis is my IDS report (mainly because it constantly emails me). This is part one in (hopefully) an ongoing series of looking into what the script kiddies are up to, and how your server might be ...
On last official day with Redport Information Assurance, I received confirmation of my Certified Secure Software Lifecycle Professional acceptance by (ISC)2. I am very grateful that Redport repeatedly covered my training and certification process. Alas, the story of our mutual separation will be a separate blog post.
Last week I passed the (ISC)2 Certified Secure Software Lifecycle Professional (CSSLP) exam. Here are some thoughts (not bound by the (ISC)2 NDA): Cert Types There are two classes of certification within the (ISC)2 family: member and associate. The only difference between the two is how many years of experience you have in the subject area. For full ...
I totally forgot to mention that I was published in the September edition of phpArchitect. Not only that, you can download my article for free. Head on over to https://www.phparch.com/magazine/2015-2/september/ to grab your copy. If you missed my php[world]15 talk, this will get you up to speed.
I had the privilege to present two talks at php[world]15 this week.
Inheriting a legacy app can be an adventure. Sometimes it can be much more than that. Trying to securely lock down a legacy app can be a much larger prospect. Here is a “quick” first pass recommendation.
Here is the slide deck for my talk on Basic Intrusion Detection With PHPIDS. If you attended, please provide feedback at Joind.in
Many years ago I stumbled upon PHPIDS and began incorporating it into all the systems that I built. I wanted to have an extra layer of intel into who was accessing my systems. Last year, at php[tek]13, @enygma started building Exposé, an alternate IDS, based upon the same rulesets as PHPIDS (perhaps motivated by my ...