Latest Posts

It has been a bit of time since I last wrote anything here, the past year and a bit has been interesting to say the least.  I have just come back from an idyllic week in Sherwood Forest, where I spent...
Read More
New Hosting!
I have moved to a new hosting plan as such it may take a bit of time before this site is back and running properly
Read More
DevSecOps: The anatomy of a unicorn
For the past few months I have spent quite a bit of time interviewing candidates for DevSecOps positions, we are not looking for any one particular position. We have a need for a number of people with...
Read More
boy, man, people-3653385.jpg
Sitting the CISSP exam
So I finally was able to go to a test centre to sit my (ISC)2 CISSP exam, I was initially planning on doing this in April but the lockdown stopped me. I have spent the past month watching a number of Pluralsight...
Read More
Spice world virtual 2020
It has been a busy month, where I spent most of my time studying for my CISSP exam, as such I failed to post this about the first ever virtual spice world conference from September. This is the annual...
Read More
Securing an App Service Environment (ASE)
Following on from my previous post about Network Security Groups, this post is about securing an App Service Environment. An Application Gateway with Web Application Firewall (WAF) is also included to...
Read More
Managing Azure Network Traffic with Network Security Groups
Azure Network Security Groups (NSG) are a core tool that enables you to control the network traffic flow within an Azure Virtual Network. A Network Security Group is a collection of stateful layer 3/4...
Read More
Integrating ARM Template Security Testing into a DevOps Pipeline
Following on from an earlier post about incorporating penetration testing with OWASP ZAP into an Azure DevOps pipeline, I am going to talk about how to add vulnerability checks for your ARM Templates to...
Read More
Integrating security testing into an Azure DevOps pipeline – OWASP ZAP
One of the most effective ways of enhancing the security posture of a solution is to incorporate security into the development lifecycle and embed it within the normal CI/CD pipelines of a project. In...
Read More
1 2