CSSLP Certified

CSSLP Certified
On last official day with Redport Information Assurance, I received confirmation of my Certified Secure Software Lifecycle Professional acceptance by (ISC)2. I am very grateful that Redport repeatedly covered my training and certification process. Alas, the story of our mutual separation will be a separate blog post.

Back on the market

Back on the market
After three years working at the Department of Energy as a Senior Security Software Engineer, I am back on the job market. If you are looking for a web application developer with over 15 years experience, please send me a line. Partnering with my infosec company (Redport Information Assurance) is also cool. I have TS ...

Is the CSSLP worth it? 3

Last week I passed the (ISC)2 Certified Secure Software Lifecycle Professional (CSSLP) exam. Here are some thoughts (not bound by the (ISC)2 NDA): Cert Types There are two classes of certification within the (ISC)2 family: member and associate. The only difference between the two is how many years of experience you have in the subject area. For full ...

Basic Intrusion Detection with Expose

I totally forgot to mention that I was published in the September edition of phpArchitect. Not only that, you can download my article for free. Head on over to https://www.phparch.com/magazine/2015-2/september/ to grab your copy. If you missed my php[world]15 talk, this will get you up to speed.

php[world] Talks: Migrating Data to D8 / Basic IDS with Expose

php[world] Talks: Migrating Data to D8 / Basic IDS with Expose
I had the privilege to present two talks at php[world]15 this week.

ZCE Complete

ZCE Complete
I finally got off my rear and took the Zend Certified PHP Engineer test. And Passed. I took the PHP 5 CE test way back in 2007, so I figured it was about time to refresh things. Right before PHP 7.

Legacy app first pass security

Inheriting a legacy app can be an adventure. Sometimes it can be much more than that. Trying to securely lock down a legacy app can be a much larger prospect. Here is a “quick” first pass recommendation.

php[tek]14 Basic Intrusion Detection Slides

php[tek]14 Basic Intrusion Detection Slides
Here is the slide deck for my talk on Basic Intrusion Detection With PHPIDS. If you attended, please provide feedback at Joind.in

IDS Showdown: PHPIDS vs Exposé

Many years ago I stumbled upon PHPIDS and began incorporating it into all the systems that I built. I wanted to have an extra layer of intel into who was accessing my systems. Last year, at php[tek]13, @enygma started building Exposé, an alternate IDS, based upon the same rulesets as PHPIDS (perhaps motivated by my ...

Taking Flight with AngularJs

Taking Flight with AngularJs
Lately at work we have been getting into the Flight PHP framework for simple REST-like services with an AngularJS front end. We have had to do a bit of juggling however to get one of the nicer AngularJS features to work: “html5Mode”. Here is what we did.