maravis.com – Exploring Information Security

Shifting Security Left

September 9, 2018

“Shift left” is the concept of implementing security from the very beginning and continuously validating that the product is secure. This article is about how to shift security left, based on my experience with very large commercial payment applications and how I helped secure them.

Apps, Articles, General, Process, Products, Security

Apps, Article, General, Process, Products, Security

Jump-start a security program – A short primer

March 1, 2018

I have been asked multiple time about how to go about starting a security program. This is a short primer that lists some of the things you should do to jump start a security program.

Apps, Articles, Compliance, General, Process, Security

Compliance, General, Process, Security

Managing Ransomware Threats

September 23, 2017

If you are trying to find out how to handle a ransom attack after you have been attacked, you are already way too late. Your options are very limited. Either pay or pray that the attackers were really stupid and try to recover the data by engaging a specialized consulting company. What you need to do is plan for this before you are attacked.

Articles, General, Process, Security

General, malware, Process, Security

HTTP Public Key Pinning – Do or don’t?

August 31, 2017

Should you implement HTTP Public Key Pinning (HPKP) for your site? Some reasons I don’t like it in its present form and when it can be acceptable.

Apps, General, Posts, Privacy, Security

Privacy, Security

Business email compromise attack

August 26, 2017

Business Email Compromise (BEC) happens when someone receives an email supposedly from their companies’ CFO, CEO or even their manager asking them to make a payment to a vendor account. In this attack, the person making the payment is socially engineered to make a fraudulent payment.

Articles, Fraud, General, Posts, Process

Fraud, General, Process