You can't secure what you don't acknowledge.℠

Monday, February 13, 2012

Is it really possible to get users on board with security?

I think so. Here's how.

I don't think that user awareness and training is THE answer to information security, as many others believe. I do know that you shouldn't let another year pass without getting your users on board with what you're doing.

Sunday, February 12, 2012

SQL injection cheatsheet & tips for getting management on board

Here's a neat "cheatsheet" on SQL injection by NTObjectives that outlines some common attack strings, commands and so forth. Their SQL Invader SQL injection tool is worth checking out as well.

If you're having trouble selling management on the dangers of SQL injection, check out this piece I wrote about it not long ago:
SQL Injection – The Web Flaw That Keeps on Giving

Ten Ways to Sell Security to Management

Happy hacking!