Browse category Security Corner

Security Corner: Prisoner’s Dilemma

by · July 29, 2023

Every application must be designed, and the ethical consideration of that tool’s use (or misuse) must be key to the technical design. by Eric Mann

 

Security Corner: Types of Tokens

by · June 24, 2023

Terminology in security can be a finicky thing. When talking about either security-related or adjacent topics, it’s best to be precise in what each term you choose actually means. by Eric Mann

 

Security Corner: Tabletop: Planning for Disaster

by · May 31, 2023

Roughly twice a year, I take time to play a game with my team. To those who play Dungeons & Dragons, this might sound familiar. I spend time planning a particular campaign, then each team member picks a role and plays through it. Except we’re not fighting monsters or casting spells. Instead, I take […]

 

Security Corner: The Risks of Free Conference Internet

by · April 20, 2023

Now that the snow is melting, we’re beginning to see the first signs of Spring. With Spring comes the rain, wildflowers and honeybees, bouncing bunnies in the park, and conference season. Traveling for conferences and other events can be exciting for many. But what most don’t realize is just how risky it can be. by […]

 

Security Corner: InfoSec 102: Phishing

by · March 24, 2023

Continuing on last month’s trend, we want to spend some time defining and explaining some of the terms and jargon frequently used by practitioners in the security community. Fortunately, this month’s term is likely one you’ve already come across in business: phishing. by Eric Mann

 

Security Corner: Infosec 101: The Confused Deputy

by · February 10, 2023

When two InfoSec practitioners get together, they often resort to a sort of short-hand in conversation to make things easier. This leverages slang, jargon, or other insider references that are opaque or confusing to those outside our community. Rather than coming up with new terms, it’s often easiest to spend that time disambiguating the jargon […]

 

Security Corner: PCI-DSS: A Beginners Guide

by · January 16, 2023

Every developer should strive to not only build a quality application but also to ensure that security is baked in at every phase of development. Applications handling customer payment information are even more critical to secure. Firstly, it’s just the right thing to do to ensure that you handle customer payment data appropriately. But if […]

 

Security Corner: Debt Management

by · December 15, 2022

Every successful development team has two things in common: They’ve shipped a product and accepted compromises to make that shipment possible. by Eric Mann

 

Security Corner: Direct Object References

by · November 11, 2022

Building APIs in PHP often exposes us to the potential of obscure bugs that can otherwise compromise the security of our application. Building too pure of an API – and relying on clients to provide too much information about the objects they’re referencing – is one such risk. by Eric Mann

 

Security Corner: Cybersecurity Checkup

by · October 8, 2022

October is recognized as Cybersecurity Awareness Month in the United States. It’s a great opportunity to stop, take stock of your current security stance, and make incremental improvements where possible. by Eric Mann