Shostack + Friends Blog

 

Posts in category "usability"

 
 
 
 
 

Better Taught Than Caught!

Informal training may work in some cases, but Threat Modeling skills should be passed on through more formal means.

 
 
 
 

Passwords Advice

Bruce Marshall has put together a useful comparison of password requirements from OWASP ASVS v3 and v4.

 
 
 
 
 

Pivots and Payloads

A new game from SANS for understanding pen test methodology, tactics, and tools.