pdp pointed out Joe Walker's slides on the matter. They are clear and beautiful and I've embedded them below. I think this complements the "Web Hacking 2.0" post quite nicely.
Continue reading "Web Hacking 2.0 - A Movie"
Straight from Dominic's jargon generation lair come the following two encryption-related terms:
The Towelie Encryption Principle states:
Encryption should be implemented as high up the application stack as possible.
The Underground Fortress Effect
The underground fortress effect is a description of encryption's ability to enforce access controls/authorisation at the layers of the application stack below the layer at which they are defined.
Continue reading "The Towelie Encryption Principle"
I'm definitely making '); DROP TABLE Students -- my son's middle name; ' OR 1==1 -- will be my daughter's.
I recently ran into this debate at a client, and even though I had a fairly good understanding of this issue, the thoughts only struck me with clarity today. This will be fairly obvious to many people, but unfortunately, not all. Hopefully Google will help broadcast my purported clarity.
Continue reading "IDS vs IPS"