logo.png
Guided Website Threat Review

Foregenix Blog

Andrew McKenna

Recent Posts

Andrew McKenna

Containers: Keeping You Secure

,14/09/17 11:50

Given there’s a lot of talk about containerisation in the applications marketplace at the moment, this post is intended to provide a light introduction to the subject with a few pointers on security.

Read More
Andrew McKenna

An Introduction to DevOps

,06/09/17 09:54

We’ll start at the beginning and ramp up really quickly. DevOps is a portmanteau of development and operations. We can consider it to mean automation of platform operations, or scripted operations. 

Wikipedia has the following definition:

"DevOps (a clipped compound of "development" and "operations") is a software delivery process that emphasizes communication and collaboration from concept to market, including product management, software development, and operations professionals. 

Read More
Andrew McKenna

Why You Need To Defend Against Nation State Attacks

,06/07/17 16:21

A few months ago, I was working on a risk assessment with a business and one of the most extreme threats, beyond targeted malware, was an attack by a nation state. Given the nature of the business being assessed wasn't involved in, or related to critical infrastructure, and the IP wasn't such that it was of national or military importance to gain leverage, we gave the risk a low rating. In recent months, due to the leaking of custom malware developed by the NSA, the tools considered available only to nation states are now available to everyone. Where the internet democratised the attack vectors employable against entities with an online presence, the leak of custom, targeted malware, has lowered the barrier to entry such that even non-sophisticated malicious actors can leverage the experience, expertise and destructive force of a nation state.

Read More
Andrew McKenna

Information Privacy, The General Data Privacy Regulation (GDPR) & Your Business

PCI, PA-DSS and P2PE, GDPR

,30/01/17 16:43

To begin, we'll take the following definitions of 'privacy' and 'information privacy' from the International Association of Privacy Professionals:

Broadly speaking, privacy is the right to be let alone, or freedom from interference or intrusion. Information privacy is the right to have some control over how your personal information is collected and used.

Read More
Andrew McKenna

Encryption 102: 5 Methods of Encryption (Part 2)

PCI, PA-DSS and P2PE, Encryption

,07/12/16 16:02

Following on from Encryption 101, this post will focus on different methods of Encryption, when they're applicable and why they are important. 

Read More

Andrew McKenna

Recent Posts

Andrew McKenna

Containers: Keeping You Secure

,14/09/17 11:50

Given there’s a lot of talk about containerisation in the applications marketplace at the moment, this post is intended to provide a light introduction to the subject with a few pointers on security.

Read More
Andrew McKenna

An Introduction to DevOps

,06/09/17 09:54

We’ll start at the beginning and ramp up really quickly. DevOps is a portmanteau of development and operations. We can consider it to mean automation of platform operations, or scripted operations. 

Wikipedia has the following definition:

"DevOps (a clipped compound of "development" and "operations") is a software delivery process that emphasizes communication and collaboration from concept to market, including product management, software development, and operations professionals. 

Read More
Andrew McKenna

Why You Need To Defend Against Nation State Attacks

,06/07/17 16:21

A few months ago, I was working on a risk assessment with a business and one of the most extreme threats, beyond targeted malware, was an attack by a nation state. Given the nature of the business being assessed wasn't involved in, or related to critical infrastructure, and the IP wasn't such that it was of national or military importance to gain leverage, we gave the risk a low rating. In recent months, due to the leaking of custom malware developed by the NSA, the tools considered available only to nation states are now available to everyone. Where the internet democratised the attack vectors employable against entities with an online presence, the leak of custom, targeted malware, has lowered the barrier to entry such that even non-sophisticated malicious actors can leverage the experience, expertise and destructive force of a nation state.

Read More
Andrew McKenna

Information Privacy, The General Data Privacy Regulation (GDPR) & Your Business

PCI, PA-DSS and P2PE, GDPR

,30/01/17 16:43

To begin, we'll take the following definitions of 'privacy' and 'information privacy' from the International Association of Privacy Professionals:

Broadly speaking, privacy is the right to be let alone, or freedom from interference or intrusion. Information privacy is the right to have some control over how your personal information is collected and used.

Read More
Andrew McKenna

Encryption 102: 5 Methods of Encryption (Part 2)

PCI, PA-DSS and P2PE, Encryption

,07/12/16 16:02

Following on from Encryption 101, this post will focus on different methods of Encryption, when they're applicable and why they are important. 

Read More

Cyber Security Insights

Andrew McKenna
14/09/17 11:50

Containers: Keeping You Secure

Given there’s a lot of talk about containerisation in the applications marketplace at the moment, this post is intended to provide a light ...

Read More

Jake Dennys
11/09/17 13:04

Foregenix Achieve 11 Award Nominations in 6 Months

As a UK-based cybersecurity firm, our employees and clients touch every continent on the globe. Despite the company’s small size, with only 91 ...

Read More

Zacharias Pigadas
08/09/17 15:45

Getting The Most Out Of Your Web Application Penetration Test

The purpose of this post is to help clients better prepare, digest and act upon the results of a web application penetration test. A large amount of ...

Read More

Andrew McKenna
06/09/17 09:54

An Introduction to DevOps

We’ll start at the beginning and ramp up really quickly. DevOps is a portmanteau of development and operations. We can consider it to mean automation ...

Read More

Ewan Gardner
07/08/17 14:51

Anatomy Of A Magento Attack: Froghopper

  Magento is the most popular eCommerce web application in the world, with an estimated 236,000 live web sites using the Content Management System ...

Read More