Shostack + Friends Blog

Posts in category “usability”

Patching in 2024

In late 2024, people are being offered a choice of features versus security.

Better Taught Than Caught!

Informal training may work in some cases, but Threat Modeling skills should be passed on through more formal means.

Passwords Advice

Bruce Marshall has put together a useful comparison of password requirements from OWASP ASVS v3 and v4.

Pivots and Payloads

A new game from SANS for understanding pen test methodology, tactics, and tools.