Security Articles

Google Chrome 69 Now Flags HTTP Websites

April 10, 2018

Earlier today, I upgraded my installation of Google Chrome from version 68 to version 69. While not a major upgrade, there’s a key security update that I want to draw your attention to. Here’s a quick look at it.

How To Write Burp Suite Match and Replace Rules

April 14, 2018

Burp Suite’s Match and Replace rules allow you to change parts of a request and a response — which can be a significant help when testing web applications. In this post, I’ll show you how to create them, so that you’ll know how your web applications will react under various conditions.

My Health Record - Do the Risks Outweigh the Advantages?

April 24, 2018

A new health record management system is going live in Australia soon. It’s called My Health Record. It will affect every Australian (and potentially temporary and permanent residents as well) as it will store some of their most intimate information — their health records! But do the risks of such a system outweigh the advantages?

Use these Five Security Headers To Create More Secure Applications

April 26, 2018

There are so many things that we have to get right to create secure applications. From input validation to output escaping, secure applications take time, effort, and dedication. However, there is one thing that doesn’t take much effort, but offers a quick win. Response headers!

How to Intercept Requests & Modify Responses With Burp Suite

April 6, 2017

Recently, I’ve moved into security at ownCloud. As part of the new role, I’ve had to invest lots of time learning about web application security attack vectors and about applications and tools for testing security.

How To Protect Against Brute Force Logins With Fail2Ban

April 6, 2017

One of the most common attack vectors against servers is brute-force login attempts. This is where attackers attempt to access your server by trying endless combinations of usernames and passwords. So how do you defend yourself against this kind of attack?