by Eddie, on 05/06/2019 7:15:00 AM

Seen above is real source code we got access to in a recent web application penetration test by exploiting security vulnerabilities caused by poor secure coding practice. While inspecting source …

Topics: Pentesting

by Eddie, on 31/05/2019 11:30:00 AM

It seems that every other week, someone is touting a new solution to cyber security. They tell you that all we need to do is install our boldly coloured box …

Topics: Fundamentals, Risk Assessment, risk profile

by Nat, on 11/04/2019 4:30:00 PM

Although cybersecurity insurance can appear attractive, it is important that businesses understand it cannot feasibly serve as a replacement for threat mitigation. The majority of cyber threats are avoided by …

Topics: Fundamentals, Risk Assessment, risk profile

by Kristian, on 09/04/2019 7:15:00 AM

Overview: Injection vulnerabilities are the most common result of mixing user input with system control. An injection vulnerability can have catastrophic results for a system, potentially leading to a full …

Topics: Fundamentals, Pentesting, Authentication, Compromise

by Tim, on 04/04/2019 4:30:00 PM

On the 22nd of February 2018, the Notifiable Data Breach (NDB) scheme came into effect for all organisations with personal information security obligations under the Australian Privacy Act. Since this …

Topics: Phishing, Compromise

by Nigel, on 02/04/2019 7:30:00 AM

The information security framework for the Australian Government is driven by two main documents: the Protective Security Policy Framework (PSPF) owned by the Attorney-General’s Department, and the Information Security Manual …

Topics: Compliance, IRAP / ISM

by Sash, on 15/03/2019 5:32:45 PM

This weekend's Formula 1 Grand Prix has an unlikely parallel to the cyber security industry. You see, Formula 1 is a precisely engineered environment, where suspension load is modelled across …


by Tim, on 14/12/2018 12:22:00 PM

In Part 2, the importance of a well-maintained and well-structured hardware and software inventory and the benefits of vulnerability management were explained. The next step in the process of getting …

Topics: Insider, Fundamentals, Authentication

by Nat, on 13/12/2018 12:41:00 PM

As high-profile breaches produce increasing public attention, effective information security is more important than ever. Cyber incidents have a potential impact comparable to natural disasters. It is increasingly insufficient for …

Topics: Fundamentals

by Nigel, on 10/12/2018 11:02:00 AM

Every information security framework and “best practice” guide to cyber security states that you need “management buy-in”, but why is it important and what does it look like? Management buy-in …

Topics: Fundamentals

by Nigel, on 03/12/2018 12:56:00 PM

What Brush Turkeys Have Taught Me About Information Security: It is that time of year again when a male brush turkey has made my backyard his home, tearing apart vegetation …

Topics: Insider, Red Teaming, Risk Assessment

by Eddie, on 29/11/2018 3:02:00 PM

As information security has become more important across organisations, so has the role of an information security leader within organisations. As an information security leader in an organisation, several questions …

Topics: Insider, Pentesting, Red Teaming, Phishing

by Tim, on 26/11/2018 3:54:00 PM

In part 1, the importance of knowing your system was discussed; in this article, the importance of properly managing and auditing these assets will be discussed. Proper management of ICT …

Topics: Fundamentals

by Security Centric, on 22/11/2018 8:11:09 PM

There is no one size fits all when it comes to cyber security – you cannot uncover your potential risks purely through comparison to another business. That’s where risk profiles …

Topics: Risk Assessment

by Kristian, on 22/11/2018 11:42:00 AM

Passwords are obviously required to keep your online accounts and data safe, but how strong is your password? The idea of a strong password can be hard to quantify and …

Topics: Fundamentals, Authentication

by Security Centric, on 17/10/2018 7:30:00 AM

Cyber security is a comprehensive multi-faceted approach to identifying, understanding, and then mitigating risks to information systems. In the past cyber security has largely been seen as a technology issue, …

Topics: Risk Assessment

by Sash, on 25/05/2018 2:58:00 PM

I have been in Europe for a couple of weeks now working on some longer-term strategic initiatives for Security Centric. My work brought me into a larger number of organisations …


by Nigel, on 15/02/2018 5:45:00 PM

A big part of my job is conducting security audits or assessments of clients. In one assessment, I asked a client for some documentation, in this case a system design …

Topics: Compliance

by Nat, on 19/09/2017 11:15:00 AM

Multi-factor, or two-factor, authentication (MFA, 2FA) has seen increasing adoption and public awareness. What is it? What benefits does it provide? Is it really worth all that hassle? And how …

Topics: Authentication, Phishing

by Sash, on 17/05/2017 1:17:00 PM

Even the catchy name is not particularly innovative (Heartbleed has to take that prize over others such as BEAST and POODLE). As someone intimately involved in cyber security on a …


Finally, an actionable blog

The purpose of this blog is to make available the real-world lessons, experience, observations and mistakes that are part of the daily life of a group of cyber security professionals.

Read about:

  • What mistakes organisations are making (anonymously of course!)
  • What effective actions are available to quickly and economically achieve effective protection (without buying new kit)
  • Trends we're seeing, via our incident response and forensic investigation capabilities
  • And sometimes, just frustrations about what is wrong with cyber :|
