SQL Injection Explained

In Cybersecurity, Web Development by Ian Carnaghan

This entry is part 7 of 8 in the series Prevention and Protection Strategies

SQL injection has been a method of attacking databases through multiple tiers of application infrastructure for many years (MacVittie, 2008). SQL, or Sequential Query Language, is a database language used to interact with large quantities of data, typically stored in tables inside a Relational Database Management System (DBMS). Each command using the SQL language typically generates a result set of …

Usable Security? User Friendly Factors

In Cybersecurity by Ian Carnaghan

This entry is part 6 of 8 in the series Prevention and Protection Strategies

In his article on usable security, Lampson (2009) asserts that usable security needs to begin with policy and how we model security systems within the organization. He makes the case that security has to be simple and at the same time it has to minimize hassle (for the end user). He concludes that the root cause of this problem is …

Post Authentication Methods

In Cybersecurity by Ian Carnaghan

This entry is part 5 of 8 in the series Prevention and Protection Strategies

A lot of time can be spent in an organization firming up authentication and access control systems to ensure greater levels of security for its network. All of this, however, is only one step toward ensuring a user's credentials are not compromised. Considerations need to be made for post-authentication. There are several things organizations can do to mitigate risk …