Threat Modeling in Practice
This topic works best as a practical framework: clear enough for decision-making and concrete enough for execution. In **Threat Modeling in Practice**...
89 pages
This topic works best as a practical framework: clear enough for decision-making and concrete enough for execution. In **ADR Security Decision-Making** the goal is...
A reference chapter only has value when teams can directly use it to plan, design, and deliver. In **Reference Architectures (Web, Network, Cloud)**...
A reference chapter only has value when teams can directly use it to plan, design, and deliver. In **Security Architecture Principles**, the goal is...
This topic works best as a practical framework: clear enough for decision-making and concrete enough for execution. With **Secret Management and API Key...
A reference chapter only has value when teams can directly use it to plan, design and deliver. For **Compliance Mapping Matrix** it is about...
This topic works best as a practical framework: clear enough for decision-making and concrete enough for execution. For **Hardening Checklists**, applicability is...
A reference chapter only has value when teams can immediately use it to plan, design, and deliver. With **Compliance & Governance**, it's all about...
This topic works best as a practical framework: clear enough for decision-making and concrete enough for execution. In **Incident Response Quick...
A reference chapter only has value when teams can directly use it to plan, design, and deliver. For **Implementation Priorities Matrix**, applicability is central:...
A reference chapter only has value when teams can directly use it to plan, design, and deliver. In **Defense Measures Mapping**, the goal is...
Most online problems arise from haste. Most protection comes from brief, calm verification. For **When Things Go Wrong: First Aid for...
Most online problems arise from haste. Most protection comes from brief, calm verification. In **Identity Theft and Data Breaches**...
Most online problems arise from haste. Most protection comes from brief, calm verification. In **Children and the Internet**, the gain lies in...
Most online problems arise from haste. Most protection comes from brief, calm verification. In **Privacy and Social Media** the advantage lies in...
Digital safety doesn't have to be complicated. It becomes strong when you repeat a few fixed choices consistently. For **Online Shopping and Payments**...
Most online problems arise from haste. Most protection comes from brief, calm verification. For **Safe Browsing and Wi-Fi**, the practical...
Most online problems arise from haste. Most protection comes from brief, calm verification. For **Protecting Your Computer** the...
Most online problems arise from haste. Most protection comes from brief, calm verification. For **Securing Your Phone** the...
Digital security doesn't have to be complicated. It becomes strong as soon as you repeat a few fixed choices consistently. In **Passwords and Logging In**...
Most online problems arise from haste. Most protection comes from brief, calm verification. In **Recognizing Phishing and Scams**...
Cybersecurity is not a technical side issue here, but part of continuity, liability, and reputation. For **Security Metrics and Board Reporting**, steering only works with measurable goals...
Executive peace of mind comes not from optimism, but from clear accountability and demonstrable follow-through. For **Cyber Insurance**, the core...
Executive peace of mind comes not from optimism, but from clear accountability and demonstrable follow-through. For **Supply Chain and Supplier Risk**...
Board-level calm doesn't come from optimism, but from clear responsibility and demonstrable follow-up. In **Incident Response and Crisis Management**...
Cybersecurity is not a technical side issue here, but part of continuity, liability, and reputation. For **Security Budget and Investment**, steering only works with measurable goals...
Executive peace of mind comes not from optimism, but from clear accountability and demonstrable follow-through. In **Director Liability**, the focus is on...
Boardroom confidence does not come from optimism, but from clear accountability and demonstrable follow-up. In **GDPR Privacy Compliance**, the win is in...
Boardroom confidence does not come from optimism, but from clear accountability and demonstrable follow-up. With **NIS2 and European Cyber Legislation**...
Cybersecurity is not a technical sidetrack here, but part of continuity, liability, and reputation. For **Risk Management and Risk Analysis**...
Cybersecurity is not a technical sidetrack here, but part of continuity, liability, and reputation. For **Cybersecurity as Board Responsibility**...
In the cloud, consistency is crucial: policy in code, minimal privileges, and visibility into drift. For **Secrets Management**, automation takes the lead: guardrails...
In the cloud, consistency is crucial: policy in code, minimal permissions, and visibility into drift. For **Infrastructure as Code Security**, success depends on...
Cloud environments change fast. That is why security must move with them by default and in an automated way. For **Kubernetes Hardening**, automation is the guiding principle: guardrails in code, least privilege, and continuous drift control.
Cloud environments change rapidly. That is why security here must move along by default and in an automated way. In **Cloud Detection & Logging**, value emerges...
Cloud environments change rapidly. That is why security here must move along by default and in an automated fashion. For **Preventing Cloud Persistence**, success...
In the cloud, consistency is crucial: policy in code, minimal permissions, and visibility into drift. For **Stopping Cloud Lateral Movement**, segmentation is the lever:...
Cloud environments change rapidly. That is why security must move along by default and in an automated fashion. For **Serverless Hardening**, automation is...
In the cloud, consistency is crucial: policy in code, minimal permissions and visibility into drift. For **CI/CD Pipeline Hardening** automation is leading:...
Cloud environments change rapidly. That is why security here must move along by default and in an automated fashion. For **Container Hardening**, automation is key...
Cloud environments change rapidly. That's why security here must be standard and automated. For **GCP Hardening**, automation is leading:...
Cloud environments change rapidly. That's why security here must be standard and automated. For **Azure & Entra ID Hardening**, automation is leading:...
Cloud environments change rapidly. That's why security here must move along as a standard and automated practice. For **AWS Hardening** automation is leading:...
In the cloud, consistency is crucial: policy in code, minimal privileges, and visibility into drift. For **Preventing Cloud Reconnaissance**, success depends on...
In network security, structure wins over improvisation: clear paths, fewer privileges and explicit trust boundaries. For **Security Awareness & Social...
Attack paths shrink as soon as permissions, segments and management channels are consistently configured. For **Wireless & Physical Security** the basis remains the same:...
In network security, structure wins over improvisation: clear paths, fewer privileges and explicit trust boundaries. In **Zero Trust Architecture** the goal is...
Attack paths shrink once privileges, segments and management channels are consistently configured. For **Vulnerability Management & Patch Policy** the foundation remains the...
In network security, structure beats improvisation: clear paths, fewer privileges, and explicit trust boundaries. With **Backup & Disaster Recovery**...
Attack paths shrink once permissions, segments, and management channels are consistently configured. In **Logging, Monitoring & SIEM**, value emerges when...
In network security, structure beats improvisation: clear paths, fewer privileges, and explicit trust boundaries. For **Network Segmentation &...
In network security, structure beats improvisation: clear paths, fewer privileges, and explicit trust boundaries. With **MSSQL Hardening**, it's about...
Attack paths become small once privileges, segments and management channels are consistently configured. For **E-mail & DNS Hardening** the basis remains the same:...
In network security, structure wins over improvisation: clear paths, fewer privileges, and explicit trust boundaries. For **Windows Hardening**, the...
Attack paths shrink once permissions, segments, and management channels are consistently configured. For **Linux Hardening**, the foundation remains the same: less...
Attack paths shrink once privileges, segments, and management channels are consistently configured. For **Preventing Tunneling**, segmentation is the lever:...
Attack paths shrink once permissions, segments, and management channels are consistently configured. In **Detecting Persistence**, value emerges when...
In network security, structure beats improvisation: clear paths, fewer privileges, and explicit trust boundaries. For **ADCS Hardening**, privilege cleanup and...
Attack paths shrink once permissions, segments, and management channels are consistently configured. For **Credential Protection**, the foundation remains the same:...
Attack paths shrink once privileges, segments, and management channels are consistently configured. For **Stopping Lateral Movement**, segmentation is the lever:...
In network security, structure beats improvisation: clear paths, fewer privileges, and explicit trust boundaries. For **Kerberos Hardening**, privilege cleanup and...
In network security, structure beats improvisation: clear paths, fewer privileges, and explicit trust boundaries. With **Active Directory Hardening**...
In network security, structure beats improvisation: clear paths, fewer privileges, and explicit trust boundaries. For **Preventing Privilege Escalation**...
Attack paths shrink once permissions, segments, and management channels are consistently configured. In **Stopping Detection & Evasion**, value emerges when...
Attack paths shrink once privileges, segments, and management channels are consistently configured. For **Preventing Initial Access**, the basics remain the same:...
Web risk is rarely mysterious. It usually lies in predictable mistakes that persist under time pressure. With **Secure Development Lifecycle** the greatest gains...
Secure web development is not about extra friction, but about better defaults in design, code and release flow. In **OAuth & OpenID Connect**, robust identity is what matters...
Web risk is rarely mysterious. It usually lies in predictable mistakes that persist under time pressure. In **File Upload Hardening** you reduce risk with...
Web risk is rarely mysterious. It usually lies in predictable mistakes that remain under time pressure. With **API security**, security only truly works...
Web risk is rarely mysterious. It usually lies in predictable mistakes that remain under time pressure. For **TLS/SSL Configuration** the core is a...
Web risk is rarely mysterious. It usually lies in predictable mistakes that persist under time pressure. With **Input Validation & Output Encoding**, the biggest gains come from...
Secure web development is not about extra friction, but about better defaults in design, code and release flow. For **Security Headers** the benefit lies in...
Secure web development is not about extra friction, but about better defaults in design, code, and release flow. In **Authentication Hardening**, what matters most is...
Web risk is rarely mysterious. It usually lies in predictable mistakes that persist under time pressure. For **Client-Side Security**, the gains lie in...
Secure web development is not about extra friction, but about better defaults in design, code, and release flow. With **Deserialization Prevention**, the greatest gains come from...
Secure web development is not about extra friction, but about better defaults in design, code, and release flow. With **SSRF Prevention** the greatest gains come from...
Web risk is rarely mysterious. It usually lies in predictable mistakes that persist under time pressure. For **XXE Prevention**, the biggest gains lie in...
Web risk is rarely mysterious. It usually lies in predictable mistakes that persist under time pressure. With **SSTI Prevention**, the greatest gains come from...
Web risk is rarely mysterious. It usually lies in predictable mistakes that persist under time pressure. In **Path Traversal Prevention**, the greatest gain...
Web risk is rarely mysterious. It usually lies in predictable mistakes that persist under time pressure. In **Command Injection Prevention** it's about...
Web risk is rarely mysterious. It usually lies in predictable mistakes that persist under time pressure. For **XSS Prevention** the gains come from...
Web risk is rarely mysterious. It usually lies in predictable mistakes that persist under time pressure. For **SQL Injection Prevention** it is about strict...
14 chapters of reference material — compliance mapping, checklists, threat modeling, and security architecture.
10 chapters on digital safety for home users — recognizing phishing, passwords, privacy, and what to do when things go wrong.
10 chapters on cybersecurity from a board perspective — responsibility, compliance, budget, and crisis management.
13 chapters on securing cloud environments — AWS, Azure, GCP, containers, CI/CD, and Infrastructure as Code.
21 chapters on securing networks, Active Directory, Windows, Linux, and monitoring.
17 chapters on securing web applications — from preventing injection attacks to a complete secure development lifecycle.
Open source security advice in English. 84 chapters on web, network, cloud, and consumer security.