
About the Author:

Jonathan Lampe, CISSP, has led the development of award-winning security software and supporting services for Standard Networks, Ipswitch, and SolarWinds. He holds computer science and business degrees from Northern Illinois University and the University of Wisconsin, and currently holds SANS GSNA and CCSK certifications in addition to his (ISC)2 credentials. When not coding, hacking, or writing, Lampe likes to spend time with his family in the beautiful Wisconsin outdoors.

How to Test the Security of IoT Smart Devices

Just when we thought we had our applications secured, they pull us back in.

No, this isn’t a case of directory traversal bugs reappearing in IIS, access bugs resurfacing in […]


Three Security Practices That IoT Will Disrupt

I made it back from DEFCON with both my phone and tablet intact, but I’m happy I didn’t bring a light bulb. You see, if I had brought a light […]


Top 5 Email Retention Policy Best Practices

Email retention policies are no longer just about conserving space on your Exchange server. Today you must take into account how your email retention controls increase or decrease risk […]


CompTIA Security+ SY0-401 vs. SY0-301 Changes


A new version of the popular CompTIA Security+ certification is out, and the content it covers has expanded significantly over the past three years. The six domains the exam […]

Hacking Static Passwords

How to Perform a Safe Password Analysis

It’s one of the most exciting moments in a security researcher’s work: while looking through an obscure log file, you see strings like “James1984” and “SecureMe!” scattered throughout the […]


CISSP Drag & Drop and Hotspot Questions: 5 More Examples


In my last article, I covered five questions similar to those on the official CISSP Exam. The new CISSP exam format was introduced in 2014 with “drag-and-drop” and “hotspot” […]


CISSP Drag & Drop and Hotspot Questions: 5 Examples


So you’re thinking of earning your CISSP. Wouldn’t you like to see some sample questions from the legendary CISSP test? There has been a lot written about sample CISSP […]


Beyond Password Length and Complexity


(or “Why PCI-DSS-Compliant Passwords Aren’t Enough” or “PCI-DSS-Compliant Password Analysis Reveals One-Quarter Still Trivially Compromisable”)

Thanks to PCI-DSS requirements and other security standards that specify a minimum length and strength […]


OWASP Top Ten Testing and Tools for 2013

In 2013 OWASP completed its most recent regular three-year revision of the OWASP Top 10 Web Application Security Risks. The Top Ten list has been an important contributor to […]


OWASP’s 2013 Web Vulnerabilities List Will Shuffle the Top Ten

The OWASP Top 10 list publicizes the most critical web application security flaws as determined by Open Web Application Security Project (OWASP), a nonprofit, vendor-independent IT security organization formed […]


Cracked Web Applications Leak Credentials and Data

If you’ve been paying attention to vulnerabilities in web applications, you’ve certainly heard of attacks involving SQL injections, cross-site scripting, and poor session management. Thanks to the efforts of […]