Information Security https://www.edwardfrye.com/ en Checklists, in Aviation and Cybersecurity https://www.edwardfrye.com/article/20210310/checklists-aviation-and-cybersecurity <!-- THEME DEBUG --> <!-- THEME HOOK: 'field' --> <!-- FILE NAME SUGGESTIONS: * field--node--title--article.html.twig x field--node--title.html.twig * field--node--article.html.twig * field--title.html.twig * field--string.html.twig * field.html.twig --> <!-- BEGIN OUTPUT from 'core/themes/classy/templates/field/field--node--title.html.twig' --> <span property="schema:name" class="field field--name-title field--type-string field--label-hidden">Checklists, in Aviation and Cybersecurity</span> <!-- END OUTPUT from 'core/themes/classy/templates/field/field--node--title.html.twig' --> <!-- THEME DEBUG --> <!-- THEME HOOK: 'field' --> <!-- FILE NAME SUGGESTIONS: * field--node--uid--article.html.twig x field--node--uid.html.twig * field--node--article.html.twig * field--uid.html.twig * field--entity-reference.html.twig * field.html.twig --> <!-- BEGIN OUTPUT from 'core/themes/classy/templates/field/field--node--uid.html.twig' --> <span rel="schema:author" class="field field--name-uid field--type-entity-reference field--label-hidden"> <!-- THEME DEBUG --> <!-- THEME HOOK: 'username' --> <!-- BEGIN OUTPUT from 'core/themes/classy/templates/user/username.html.twig' --> <a title="View user profile." 
href="/users/edward" lang="" about="/users/edward" typeof="schema:Person" property="schema:name" datatype="" class="username">Edward</a> <!-- END OUTPUT from 'core/themes/classy/templates/user/username.html.twig' --> </span> <!-- END OUTPUT from 'core/themes/classy/templates/field/field--node--uid.html.twig' --> <!-- THEME DEBUG --> <!-- THEME HOOK: 'field' --> <!-- FILE NAME SUGGESTIONS: * field--node--created--article.html.twig x field--node--created.html.twig * field--node--article.html.twig * field--created.html.twig * field--created.html.twig * field.html.twig --> <!-- BEGIN OUTPUT from 'core/themes/classy/templates/field/field--node--created.html.twig' --> <span property="schema:dateCreated" content="2021-03-11T01:05:52+00:00" class="field field--name-created field--type-created field--label-hidden">Wed, 03/10/2021 - 17:05</span> <!-- END OUTPUT from 'core/themes/classy/templates/field/field--node--created.html.twig' --> <!-- THEME DEBUG --> <!-- THEME HOOK: 'links__node' --> <!-- FILE NAME SUGGESTIONS: x links--node.html.twig x links--node.html.twig * links.html.twig --> <!-- BEGIN OUTPUT from 'core/themes/classy/templates/content/links--node.html.twig' --> <!-- END OUTPUT from 'core/themes/classy/templates/content/links--node.html.twig' --> Thu, 11 Mar 2021 01:05:52 +0000 Edward 418 at https://www.edwardfrye.com Risk Management, in Aviation and Cyber Security https://www.edwardfrye.com/article/20210223/risk-management-aviation-and-cyber-security <!-- THEME DEBUG --> <!-- THEME HOOK: 'field' --> <!-- FILE NAME SUGGESTIONS: * field--node--title--article.html.twig x field--node--title.html.twig * field--node--article.html.twig * field--title.html.twig * field--string.html.twig * field.html.twig --> <!-- BEGIN OUTPUT from 'core/themes/classy/templates/field/field--node--title.html.twig' --> <span property="schema:name" class="field field--name-title field--type-string field--label-hidden">Risk Management, in Aviation and Cyber Security</span> <!-- END OUTPUT 
from 'core/themes/classy/templates/field/field--node--title.html.twig' --> <!-- THEME DEBUG --> <!-- THEME HOOK: 'field' --> <!-- FILE NAME SUGGESTIONS: * field--node--uid--article.html.twig x field--node--uid.html.twig * field--node--article.html.twig * field--uid.html.twig * field--entity-reference.html.twig * field.html.twig --> <!-- BEGIN OUTPUT from 'core/themes/classy/templates/field/field--node--uid.html.twig' --> <span rel="schema:author" class="field field--name-uid field--type-entity-reference field--label-hidden"> <!-- THEME DEBUG --> <!-- THEME HOOK: 'username' --> <!-- BEGIN OUTPUT from 'core/themes/classy/templates/user/username.html.twig' --> <a title="View user profile." href="/users/edward" lang="" about="/users/edward" typeof="schema:Person" property="schema:name" datatype="" class="username">Edward</a> <!-- END OUTPUT from 'core/themes/classy/templates/user/username.html.twig' --> </span> <!-- END OUTPUT from 'core/themes/classy/templates/field/field--node--uid.html.twig' --> <!-- THEME DEBUG --> <!-- THEME HOOK: 'field' --> <!-- FILE NAME SUGGESTIONS: * field--node--created--article.html.twig x field--node--created.html.twig * field--node--article.html.twig * field--created.html.twig * field--created.html.twig * field.html.twig --> <!-- BEGIN OUTPUT from 'core/themes/classy/templates/field/field--node--created.html.twig' --> <span property="schema:dateCreated" content="2021-02-24T00:38:51+00:00" class="field field--name-created field--type-created field--label-hidden">Tue, 02/23/2021 - 16:38</span> <!-- END OUTPUT from 'core/themes/classy/templates/field/field--node--created.html.twig' --> <!-- THEME DEBUG --> <!-- THEME HOOK: 'links__node' --> <!-- FILE NAME SUGGESTIONS: x links--node.html.twig x links--node.html.twig * links.html.twig --> <!-- BEGIN OUTPUT from 'core/themes/classy/templates/content/links--node.html.twig' --> <!-- END OUTPUT from 'core/themes/classy/templates/content/links--node.html.twig' --> Wed, 24 Feb 2021 00:38:51 +0000 
Edward 411 at https://www.edwardfrye.com Completed Master of Science, Information Security and Assurance https://www.edwardfrye.com/story/20150128/completed-master-science-information-security-and-assurance <!-- THEME DEBUG --> <!-- THEME HOOK: 'field' --> <!-- FILE NAME SUGGESTIONS: * field--node--title--story.html.twig x field--node--title.html.twig * field--node--story.html.twig * field--title.html.twig * field--string.html.twig * field.html.twig --> <!-- BEGIN OUTPUT from 'core/themes/classy/templates/field/field--node--title.html.twig' --> <span class="field field--name-title field--type-string field--label-hidden">Completed Master of Science, Information Security and Assurance</span> <!-- END OUTPUT from 'core/themes/classy/templates/field/field--node--title.html.twig' --> <!-- THEME DEBUG --> <!-- THEME HOOK: 'field' --> <!-- FILE NAME SUGGESTIONS: * field--node--uid--story.html.twig x field--node--uid.html.twig * field--node--story.html.twig * field--uid.html.twig * field--entity-reference.html.twig * field.html.twig --> <!-- BEGIN OUTPUT from 'core/themes/classy/templates/field/field--node--uid.html.twig' --> <span class="field field--name-uid field--type-entity-reference field--label-hidden"> <!-- THEME DEBUG --> <!-- THEME HOOK: 'username' --> <!-- BEGIN OUTPUT from 'core/themes/classy/templates/user/username.html.twig' --> <a title="View user profile." 
href="/users/edward" lang="" about="/users/edward" typeof="schema:Person" property="schema:name" datatype="" class="username">Edward</a> <!-- END OUTPUT from 'core/themes/classy/templates/user/username.html.twig' --> </span> <!-- END OUTPUT from 'core/themes/classy/templates/field/field--node--uid.html.twig' --> <!-- THEME DEBUG --> <!-- THEME HOOK: 'field' --> <!-- FILE NAME SUGGESTIONS: * field--node--created--story.html.twig x field--node--created.html.twig * field--node--story.html.twig * field--created.html.twig * field--created.html.twig * field.html.twig --> <!-- BEGIN OUTPUT from 'core/themes/classy/templates/field/field--node--created.html.twig' --> <span class="field field--name-created field--type-created field--label-hidden">Wed, 01/28/2015 - 11:48</span> <!-- END OUTPUT from 'core/themes/classy/templates/field/field--node--created.html.twig' --> <!-- THEME DEBUG --> <!-- THEME HOOK: 'field' --> <!-- FILE NAME SUGGESTIONS: * field--node--body--story.html.twig * field--node--body.html.twig * field--node--story.html.twig * field--body.html.twig x field--text-with-summary.html.twig * field.html.twig --> <!-- BEGIN OUTPUT from 'core/themes/classy/templates/field/field--text-with-summary.html.twig' --> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>If you have been following my website, which you probably haven't since I don't update often enough to keep it interesting, but anyway; I started to go back to school to get my Bachelors of Science degree in 2011. When I started I knew that the B.S. should only be the beginning, after all, I had been in the technology industry and career field for 18 years. So my intent was to complete the B.S. and go directly into an advanced degree. When I completed the first degree 17 months later in 2013, I wasn't sure which direction to go. I was trying to determine if I should move towards a MS in InfoSec, a PhD in InfoSec, or some other degree. 
I ended up moving towards the "Masters of Science in Information Security and Assurance" with the intent of adding something like an MBA later.</p> <p>So here it is, January 2015: I completed the "Masters of Science in Information Security and Assurance" degree program and graduated in October 2014. And I'm wondering what I should do next. Lately I've been contemplating Law or Business degrees. I could easily continue to go to Western Governors University for an MBA and likely not have to take a GMAT test. Or I can try to get into one of the brick-and-mortar schools in the area such as Berkeley, Stanford, Santa Clara, etc. by scoring high on a GMAT.</p> <p>The other path I am considering, as mentioned, is a Juris Doctorate (JD) degree. Those same local schools have law programs as well, so I could study for and take an LSAT test to see if that may be an appropriate path. For the law school option, there is a similar path I could take to the one I took with WGU, and that would be to attend the Concord Law School by Kaplan University. 
Since I have proven that online school works for me and I live and work in California, this is an option.</p> <p>What do others think?</p> </div> <!-- END OUTPUT from 'core/themes/classy/templates/field/field--text-with-summary.html.twig' --> <!-- THEME DEBUG --> <!-- THEME HOOK: 'field' --> <!-- FILE NAME SUGGESTIONS: * field--node--field-tags--story.html.twig x field--node--field-tags.html.twig * field--node--story.html.twig * field--field-tags.html.twig * field--entity-reference.html.twig * field.html.twig --> <!-- BEGIN OUTPUT from 'themes/danland/templates/field--node--field-tags.html.twig' --> <div class="field field--name-field-tags field--type-entity-reference field--label-hidden clearfix"> <ul class="links inline field_items"> <li><a href="/category/tags/education" hreflang="en">Education</a></li> <li><a href="/category/tags/tech" hreflang="en">Tech</a></li> <li><a href="/category/tags/information-technology" hreflang="en">Information Technology</a></li> <li><a href="/category/tags/information-security" hreflang="en">Information Security</a></li> </ul> </div> <!-- END OUTPUT from 'themes/danland/templates/field--node--field-tags.html.twig' --> <!-- THEME DEBUG --> <!-- THEME HOOK: 'field' --> <!-- FILE NAME SUGGESTIONS: * field--node--comment-node-story--story.html.twig * field--node--comment-node-story.html.twig * field--node--story.html.twig * field--comment-node-story.html.twig x field--comment.html.twig * field.html.twig --> <!-- BEGIN OUTPUT from 'core/themes/classy/templates/field/field--comment.html.twig' --> <section class="field field--name-comment-node-story field--type-comment field--label-hidden comment-wrapper"> </section> <!-- END OUTPUT from 'core/themes/classy/templates/field/field--comment.html.twig' --> <!-- THEME DEBUG --> <!-- THEME HOOK: 'links__node' --> <!-- FILE NAME SUGGESTIONS: x links--node.html.twig x links--node.html.twig * links.html.twig --> <!-- BEGIN OUTPUT from 
'core/themes/classy/templates/content/links--node.html.twig' --> <!-- END OUTPUT from 'core/themes/classy/templates/content/links--node.html.twig' --> Wed, 28 Jan 2015 19:48:02 +0000 Edward 391 at https://www.edwardfrye.com SQL Injection protection and detection, SANS GCIH Class https://www.edwardfrye.com/story/20120802/sql-injection-protection-and-detection-sans-gcih-class <!-- THEME DEBUG --> <!-- THEME HOOK: 'field' --> <!-- FILE NAME SUGGESTIONS: * field--node--title--story.html.twig x field--node--title.html.twig * field--node--story.html.twig * field--title.html.twig * field--string.html.twig * field.html.twig --> <!-- BEGIN OUTPUT from 'core/themes/classy/templates/field/field--node--title.html.twig' --> <span class="field field--name-title field--type-string field--label-hidden">SQL Injection protection and detection, SANS GCIH Class</span> <!-- END OUTPUT from 'core/themes/classy/templates/field/field--node--title.html.twig' --> <!-- THEME DEBUG --> <!-- THEME HOOK: 'field' --> <!-- FILE NAME SUGGESTIONS: * field--node--uid--story.html.twig x field--node--uid.html.twig * field--node--story.html.twig * field--uid.html.twig * field--entity-reference.html.twig * field.html.twig --> <!-- BEGIN OUTPUT from 'core/themes/classy/templates/field/field--node--uid.html.twig' --> <span class="field field--name-uid field--type-entity-reference field--label-hidden"> <!-- THEME DEBUG --> <!-- THEME HOOK: 'username' --> <!-- BEGIN OUTPUT from 'core/themes/classy/templates/user/username.html.twig' --> <a title="View user profile." 
href="/users/edward" lang="" about="/users/edward" typeof="schema:Person" property="schema:name" datatype="" class="username">Edward</a> <!-- END OUTPUT from 'core/themes/classy/templates/user/username.html.twig' --> </span> <!-- END OUTPUT from 'core/themes/classy/templates/field/field--node--uid.html.twig' --> <!-- THEME DEBUG --> <!-- THEME HOOK: 'field' --> <!-- FILE NAME SUGGESTIONS: * field--node--created--story.html.twig x field--node--created.html.twig * field--node--story.html.twig * field--created.html.twig * field--created.html.twig * field.html.twig --> <!-- BEGIN OUTPUT from 'core/themes/classy/templates/field/field--node--created.html.twig' --> <span class="field field--name-created field--type-created field--label-hidden">Thu, 08/02/2012 - 23:13</span> <!-- END OUTPUT from 'core/themes/classy/templates/field/field--node--created.html.twig' --> <!-- THEME DEBUG --> <!-- THEME HOOK: 'field' --> <!-- FILE NAME SUGGESTIONS: * field--node--body--story.html.twig * field--node--body.html.twig * field--node--story.html.twig * field--body.html.twig x field--text-with-summary.html.twig * field.html.twig --> <!-- BEGIN OUTPUT from 'core/themes/classy/templates/field/field--text-with-summary.html.twig' --> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>Today was day 4 of the GCIH course being taught by <a href="http://twitter.com/markbaggett">Mark Baggett</a>. 
Things are going great and I'm learning stuff; today we discussed SQL injection and cross-site scripting.</p> <p>Regarding prevention, the training states to perform input checking and disallow/block the user from entering symbols or special characters such as the apostrophe ('), the semicolon (;), the percent sign (%), etc.</p> <p>This bothers me a bit: while input validation and checking really is key and probably the most important aspect of preventing SQL injection from affecting you, my problem is with preventing the use of these symbols. If these symbols are blocked, your users <b>can't</b> use words like <b>can't</b>. Also, say <b>you're</b> using this sort of validation / blocking on passwords; then you have just restricted the passwords that a person can use.</p> <p>I do a bunch of coding in PHP, and when I was learning how to protect the websites I was writing, the material I used stated to use string escaping and functions such as <span class="refname" style="font-family: verdana, arial, helvetica, sans-serif; font-size: 14px; background-color: rgb(255, 255, 255); ">mysql_real_escape_string().</span></p> <p>Mark mentioned parameterization; I didn't see this mentioned in the course material (although I didn't look closely).</p> <p>I believe this is the best way to prevent your user's input from affecting your SQL query. 
For example, if you are going to ask a database to verify a username and password, the old method would be to construct your query something along the lines of:</p> <blockquote><b><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;;Times New Roman&quot;; color:blue">SELECT</span></b><span style="font-size: 10pt; font-family: 'Courier New'; "> </span><b><span style="font-size:10.0pt;font-family:Courier New,Times New Roman;color:navy">*</span></b><span style="font-size: 10pt; font-family: 'Courier New'; "> </span><b><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:blue">FROM</span></b><span style="font-size: 10pt; font-family: 'Courier New'; "> database</span><b><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:navy">.</span></b><b><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:blue">table</span></b><span style="font-size: 10pt; font-family: 'Courier New'; "> </span><b><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:blue">WHERE</span></b><span style="font-size: 10pt; font-family: 'Courier New'; "> username </span><b><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:navy">=</span></b><span style="font-size: 10pt; font-family: 'Courier New'; "> </span><span style="font-size: 10pt; font-family: 'Courier New'; color: gray; ">'$USERNAME'</span><span style="font-size: 10pt; font-family: 'Courier New'; "> </span><b><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:blue">and</span></b><span style="font-size: 10pt; font-family: 'Courier New'; "> password </span><b><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:navy">=</span></b><span style="font-size: 10pt; font-family: 'Courier New'; "> </span><span style="font-size: 10pt; font-family: 'Courier 
New'; color: gray; ">'$PASSWORD'</span></blockquote> <p>This is a classic query that can be injected if you pass the variables in this way, such as passing:</p> <blockquote><b>Username:</b>&nbsp; <input disabled="disabled" length="50" type="text" value="' OR uid = 0; -- #"> &nbsp;<b>Password:&nbsp;</b>&nbsp; <input disabled="disabled" length="50" type="password" value="password"></blockquote> <p>This turns the query into:</p> <blockquote> <p class="MsoNormal" style=" background-color: white; background-position: initial initial; background-repeat: initial initial; "><b><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;;Times New Roman&quot;; color:blue">SELECT</span></b><span style="font-size: 10pt; font-family: 'Courier New'; "> </span><b><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:navy">*</span></b><span style="font-size: 10pt; font-family: 'Courier New'; "> </span><b><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:blue">FROM</span></b><span style="font-size: 10pt; font-family: 'Courier New'; "> database</span><b><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:navy">.</span></b><b><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:blue">table</span></b><span style="font-size: 10pt; font-family: 'Courier New'; "> </span><b><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:blue">WHERE</span></b><span style="font-size: 10pt; font-family: 'Courier New'; "> username </span><b><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:navy">=</span></b><span style="font-size: 10pt; font-family: 'Courier New'; "> </span><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:gray">''</span><span style="font-size: 10pt; font-family: 'Courier New'; 
"> </span><b><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:blue">OR</span></b><span style="font-size: 10pt; font-family: 'Courier New'; "> </span><b><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:blue">uid</span></b><span style="font-size: 10pt; font-family: 'Courier New'; "> </span><b><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:navy">=</span></b><span style="font-size: 10pt; font-family: 'Courier New'; "> </span><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:#FF8000">1</span><b><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:navy">;</span></b><span style="font-size: 10pt; font-family: 'Courier New'; "> </span><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:green">-- #' and password = 'password';</span></p> </blockquote> <p>Which would return the values for the user with id of 1, typically the administrative user; of course this is just an example. The idea of parameterization, also known as using bind-variables is that the user input is not sent to the database in the same place as the SQL statement. 
Instead you set your query up such as:</p> <blockquote><b><span style="font-size: 10pt; font-family: 'Courier New'; color: blue; ">SELECT</span></b><span style="font-size: 10pt; font-family: 'Courier New'; ">&nbsp;</span><b><span style="font-size: 10pt; font-family: 'Courier New'; color: navy; ">*</span></b><span style="font-size: 10pt; font-family: 'Courier New'; ">&nbsp;</span><b><span style="font-size: 10pt; font-family: 'Courier New'; color: blue; ">FROM</span></b><span style="font-size: 10pt; font-family: 'Courier New'; ">&nbsp;database</span><b><span style="font-size: 10pt; font-family: 'Courier New'; color: navy; ">.</span></b><b><span style="font-size: 10pt; font-family: 'Courier New'; color: blue; ">table</span></b><span style="font-size: 10pt; font-family: 'Courier New'; ">&nbsp;</span><b><span style="font-size: 10pt; font-family: 'Courier New'; color: blue; ">WHERE</span></b><span style="font-size: 10pt; font-family: 'Courier New'; ">&nbsp;username&nbsp;</span><b><span style="font-size: 10pt; font-family: 'Courier New'; color: navy; ">=</span></b><span style="font-size: 10pt; font-family: 'Courier New'; ">&nbsp;<font color="#808080">?</font></span><span style="font-size: 10pt; font-family: 'Courier New'; ">&nbsp;</span><b><span style="font-size: 10pt; font-family: 'Courier New'; color: blue; ">and</span></b><span style="font-size: 10pt; font-family: 'Courier New'; ">&nbsp;password&nbsp;</span><b><span style="font-size: 10pt; font-family: 'Courier New'; color: navy; ">=</span><span style="font-size: 10pt; font-family: 'Courier New'; "><font color="#808080">&nbsp;?</font></span></b></blockquote> <p>Then you pass the variables in later with a bind-variable and execute statement. 
With this format, you can pass just about, if not all variables and the statement doesn't change because it's already set in the database.</p> <p>In php, this would look like:</p> <blockquote> <p><span style="font-size:10.0pt;font-family:Courier New;color:red">&lt;?php</span><br> <span style="font-size:10.0pt;font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:navy">$query</span><span style="font-size: 10pt; font-family: 'Courier New'; "> </span><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:#8000FF">=</span><span style="font-size: 10pt; font-family: 'Courier New'; "> </span><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:gray">"SELECT * FROM database.table WHERE username = ? and password = ?"</span><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:#8000FF">;</span><br> <span style="font-size: 10pt; font-family: 'Courier New'; "><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:navy">$results</span><span style="font-size: 10pt; font-family: 'Courier New'; "> </span><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:#8000FF">=</span><span style="font-size: 10pt; font-family: 'Courier New'; "> </span><b><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:blue">array</span></b><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:#8000FF">();</span><br> <b><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;;Times New Roman&quot;; color:blue">if</span></b><span style="font-size: 10pt; font-family: 'Courier New'; "> </span><span style="font-size:10.0pt;font-family: &quot;Courier New&quot;;Times New Roman&quot;;color:#8000FF">(</span><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New 
Roman&quot;;color:navy">$sth</span><span style="font-size: 10pt; font-family: 'Courier New'; "> </span><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:#8000FF">=</span><span style="font-size: 10pt; font-family: 'Courier New'; "> </span><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:navy">$dbh</span><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:#8000FF">-&gt;</span><span style="font-size: 10pt; font-family: 'Courier New'; ">prepare</span><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:#8000FF">(</span><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:navy">$query</span><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:#8000FF">))</span><span style="font-size: 10pt; font-family: 'Courier New'; "> </span><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;; Times New Roman&quot;;color:#8000FF">{</span><br> <span style="font-size: 10pt; font-family: 'Courier New'; ">&nbsp;&nbsp;&nbsp; </span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:navy">$sth</span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:#8000FF">-&gt;</span><span style="font-size: 10pt; font-family: 'Courier New'; ">bind_param</span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:#8000FF">(</span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:gray">'ss'</span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:#8000FF">,</span><span style="font-size: 10pt; font-family: 'Courier New'; "> </span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New 
Roman&quot;;color:navy">$_POST</span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:#8000FF">[</span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:gray">'username'</span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:#8000FF">],</span><span style="font-size: 10pt; font-family: 'Courier New'; "> </span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:navy">$_POST</span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:#8000FF">[</span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:gray">'password'</span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:#8000FF">]);</span><br> <span style="font-size: 10pt; font-family: 'Courier New'; ">&nbsp;&nbsp;&nbsp; </span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:navy">$sth</span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:#8000FF">-&gt;</span><span style="font-size: 10pt; font-family: 'Courier New'; ">bind_result</span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:#8000FF">(</span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:navy">$results</span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:#8000FF">);</span><br> <span style="font-size: 10pt; font-family: 'Courier New'; ">&nbsp;&nbsp;&nbsp; </span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:navy">$sth</span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:#8000FF">-&gt;</span><span style="font-size: 10pt; 
font-family: 'Courier New'; ">execute</span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:#8000FF">();</span><br> <span style="font-size: 10pt; font-family: 'Courier New'; ">&nbsp;&nbsp;&nbsp; </span><b><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:blue">while</span></b><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:#8000FF">(</span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:navy">$sth</span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:#8000FF">-&gt;</span><span style="font-size: 10pt; font-family: 'Courier New'; ">fetch</span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:#8000FF">())</span><span style="font-size: 10pt; font-family: 'Courier New'; "> </span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:#8000FF">{</span><br> <span style="font-size: 10pt; font-family: 'Courier New'; ">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:navy">$result_count</span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:#8000FF">++;</span><br> <span style="font-size: 10pt; font-family: 'Courier New'; ">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><b><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:blue">print</span></b><span style="font-size: 10pt; font-family: 'Courier New'; "> var_dump</span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:#8000FF">(</span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:navy">$results</span><span style="font-size:10.0pt; 
font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:#8000FF">)</span><span style="font-size: 10pt; font-family: 'Courier New'; "> </span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:#8000FF">.</span><span style="font-size: 10pt; font-family: 'Courier New'; "> </span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:gray">"\n"</span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:#8000FF">;</span><br><span style="font-size: 10pt; font-family: 'Courier New'; ">&nbsp;&nbsp;&nbsp; </span><span style="font-size:10.0pt; font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:#8000FF">}</span><br><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:#8000FF">}</span><br> <span style="font-size:10.0pt;font-family:&quot;Courier New&quot;;Times New Roman&quot;;color:red">?&gt;</span></span></p> </blockquote> <p>This example uses mysqli; other languages may do this similarly, but the important part is in the query, not in the PHP code.</p> <p>The class is not a programming class, and Mark did mention this as a way to protect against SQL injection. My main concern with the instruction to filter input such as apostrophes is that this type of recommendation comes from security vendors, and looking for apostrophes in user inputs, such as with a web application firewall, will produce a lot of false positives. The biggest source is the use of apostrophes to show possession or in a contraction. </p> <p>Having your security software alert every time a <b>user's</b> post contains an apostrophe without checking for other artifacts of an injection attempt is going to flood your logs and make you miss a real attempt.</p> <p>As for the class, I'm having fun and learning things. 
Mark is doing a great job of keeping things interesting and making things relevant by providing real world anecdotal accounts that the class can relate to. I learned how the buffer overflows actually happen in the processor, which I knew how they can over flow a buffer, but not how that could cause code to execute, now I do. I'm looking forward to Saturday for the capture the flag portion.</p> </div> <!-- END OUTPUT from 'core/themes/classy/templates/field/field--text-with-summary.html.twig' --> <!-- THEME DEBUG --> <!-- THEME HOOK: 'field' --> <!-- FILE NAME SUGGESTIONS: * field--node--field-tags--story.html.twig x field--node--field-tags.html.twig * field--node--story.html.twig * field--field-tags.html.twig * field--entity-reference.html.twig * field.html.twig --> <!-- BEGIN OUTPUT from 'themes/danland/templates/field--node--field-tags.html.twig' --> <div class="field field--name-field-tags field--type-entity-reference field--label-hidden clearfix"> <ul class="links inline field_items"> <li><a href="/category/tags/education" hreflang="en">Education</a></li> <li><a href="/category/tags/information-security" hreflang="en">Information Security</a></li> <li><a href="/category/tags/tech" hreflang="en">Tech</a></li> </ul> </div> <!-- END OUTPUT from 'themes/danland/templates/field--node--field-tags.html.twig' --> <!-- THEME DEBUG --> <!-- THEME HOOK: 'field' --> <!-- FILE NAME SUGGESTIONS: * field--node--comment-node-story--story.html.twig * field--node--comment-node-story.html.twig * field--node--story.html.twig * field--comment-node-story.html.twig x field--comment.html.twig * field.html.twig --> <!-- BEGIN OUTPUT from 'core/themes/classy/templates/field/field--comment.html.twig' --> <section class="field field--name-comment-node-story field--type-comment field--label-hidden comment-wrapper"> </section> <!-- END OUTPUT from 'core/themes/classy/templates/field/field--comment.html.twig' --> <!-- THEME DEBUG --> <!-- THEME HOOK: 'links__node' --> <!-- FILE NAME 
SUGGESTIONS: x links--node.html.twig x links--node.html.twig * links.html.twig --> <!-- BEGIN OUTPUT from 'core/themes/classy/templates/content/links--node.html.twig' --> <!-- END OUTPUT from 'core/themes/classy/templates/content/links--node.html.twig' --> Fri, 03 Aug 2012 06:13:06 +0000 Edward 303 at https://www.edwardfrye.com Edward Frye - Resume https://www.edwardfrye.com/resume <!-- THEME DEBUG --> <!-- THEME HOOK: 'field' --> <!-- FILE NAME SUGGESTIONS: * field--node--title--page.html.twig x field--node--title.html.twig * field--node--page.html.twig * field--title.html.twig * field--string.html.twig * field.html.twig --> <!-- BEGIN OUTPUT from 'core/themes/classy/templates/field/field--node--title.html.twig' --> <span property="schema:name" class="field field--name-title field--type-string field--label-hidden">Edward Frye - Resume</span> <!-- END OUTPUT from 'core/themes/classy/templates/field/field--node--title.html.twig' --> <!-- THEME DEBUG --> <!-- THEME HOOK: 'field' --> <!-- FILE NAME SUGGESTIONS: * field--node--body--page.html.twig * field--node--body.html.twig * field--node--page.html.twig * field--body.html.twig x field--text-with-summary.html.twig * field.html.twig --> <!-- BEGIN OUTPUT from 'core/themes/classy/templates/field/field--text-with-summary.html.twig' --> <div property="schema:text" class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><div> <h2>Chief Information Security Officer</h2> <p>Highly technical Chief Information Security Officer (CISO) with a proven track record of building cross-functional, practical security approaches that align with company culture and business goals. 
Adept at implementing security as a force multiplier, integrating security into continuous-integration / continuous-deployment (CI/CD) pipelines, and building security champions programs that leverage cross-functional software engineering resources.
Revamped Information Security Management System (ISMS) based on ISO27001/ISO27002 framework for Software-Defined Wide Area Network.</p> <ul> <li>Accountable for the cyber security and privacy posture and associated risks, leading a team of 28 staff</li> <li>Informed and led development and implementation of information security strategy and related processes, including the revamping of the Information Security Management System (ISMS) based on the ISO27001/ISO27002 framework for Software-Defined Wide Area Network.</li> <li>Established TrustCenter to enable security transparency and help drive sales enablement with metrics and lead generation tracking.</li> <li>Developed and managed Information Security Incident Response Process</li> <li>Initiated migration from SSAE 16 to SSAE 18 standards for SOC 2 reporting</li> <li>Reduced exposed vulnerabilities by 90% by updating vulnerability management programs and reducing overall risk to the organization.</li> <li>Developed Continuous Company wide Security and Compliance Awareness Training program, resulting in a 10% yearly cost reduction on telephony and unified communications solutions.</li> <li>Implemented Software Engineering Security solutions through SAST/DAST solutions.</li> <li>Migrate from on-prem to cloud solutions.</li> <li>Grew security team from 1 to 5, and IT team from 4 to 11, Business Information Systems team from 2 to 12&nbsp;</li> </ul> <p><strong>Elementum SCM, Inc • Mountain View, CA&nbsp;<span>2017 - 2019</span></strong><br /> <em><u>Director Information Security (Head of Security/CISO)</u></em></p> <p>Developed Information Security Management System (ISMS) based on ISO27001/ISO27002 framework for supply chain management service provider.</p> <ul> <li>Obtained ISO/IEC 27001 certification within first 90 days after restart, resolving major non-conformity issues found during phase 1.</li> <li>Developed Security integration into CI/CD process through micro-services and micro-deployments reducing sprint to 
deploy from 4 weeks to continuous deployment.</li> <li>Implemented security with quality tools in IDE/Jenkins build environments using Maven and SonarQube and augmented with SAST and DAST tools.</li> <li>Drove SSAE 16 SOC2 Type 2 certification after one year with no documented findings&nbsp;</li> <li>Established regular vulnerability assessments and penetration testing and reduced exposed vulnerabilities by 20%</li> <li>Developed company’s first &nbsp;internal company-wide Risk Register allowing the company to track and manage company risks.</li> <li>Implemented 3rd party license compliance program and eliminated license violations such as copyleft, GPL. Reduced 3rd party library vulnerabilities by 60% and libraries with vulnerable methods in use by 90%.</li> <li>Implemented Company wide Security and Compliance Awareness Training program with 100% participation.</li> </ul> <p><strong>Blue Jeans Network, Inc</strong> <strong>• </strong>Mountain View, CA&nbsp;<strong><span>2014 - 2017</span></strong><br /> <em><u>Security Engineer (Acting Information Security Officer)</u></em></p> <p>Developed Information Security Program based on ISO framework for cloud-based video conferencing solution.</p> <ul> <li>Provided critical support to the sales team on pre-sales and post-sales customer security evaluations to help close deals.</li> <li>Coordinated security efforts across departments and functions</li> <li>Three-years SSAE 16 SOC 2 security audit with unqualified reports</li> <li>Integrated and managed Security Information Event Management (SIEM) system</li> <li>Implemented software static code analysis systems</li> </ul> <p><strong>Kaiser Permanente</strong> <strong>• </strong>Pleasanton, CA<strong> <span>2010 – 2014</span></strong><br /> <em><u>Information Security Consultant Specialist</u></em></p> <p>Providing Risk Management and mitigation recommendations for projects in large healthcare organization covering Kaiser's multiple regions providing Project Lifecycle 
Security Engagements for information technology projects.</p> <ul> <li>Evaluate vendors against HIPAA, SOX, and PCI security requirements for Healthcare records</li> <li>Identified potential risk, consulted on correcting or reducing risk and created reporting if uncorrected</li> <li>Performed risk assessments on new projects</li> <li>Consult with Security Operations Team on security events</li> </ul> <p><em><u>Security Operations Center Lead</u></em></p> <p>Lead for team of 6 security analysts providing response and investigations into security events and incidents in large healthcare organization.</p> <ul> <li>Developed automation for data-loss-prevention (DLP) tools, reducing workload from 16 man hours for single operation to 2 man hours / day</li> <li>Responded to events from Security Incident Event Management (SIEM) system distilling 50 million events into a few hundred actionable items per week.</li> <li>Investigate cases of fraud and abuse.</li> </ul> <p><strong>Proofpoint, Inc •</strong> Sunnyvale, CA<strong> <span>2009 – 2010</span></strong><br /> <em><u>Sr. Technical Support Engineer</u></em></p> <p>Provide advanced level product support for the Proofpoint Email Protection Server to Self-Hosted as well as Proofpoint hosted customers.<em><u> </u></em></p> <ul> <li>SME in Networking and Information Security.</li> <li>Provide policy recommendations to customers for email security and encryption.</li> </ul> <h2>Education</h2> <ul> <li>Masters of Science • Information Security and Assurance</li> <li>Bachelors of Science • Information Technology: Security</li> <li>Computer Communications Systems Control Specialist - U.S. Air Force</li> <li>Basic Military Training - U.S. 
Air Force</li> </ul> </div> <p>&nbsp;</p> <style type="text/css">.resumetable {border-collapse:collapse;} </style></div> <!-- END OUTPUT from 'core/themes/classy/templates/field/field--text-with-summary.html.twig' --> <!-- THEME DEBUG --> <!-- THEME HOOK: 'field' --> <!-- FILE NAME SUGGESTIONS: * field--node--uid--page.html.twig x field--node--uid.html.twig * field--node--page.html.twig * field--uid.html.twig * field--entity-reference.html.twig * field.html.twig --> <!-- BEGIN OUTPUT from 'core/themes/classy/templates/field/field--node--uid.html.twig' --> <span rel="schema:author" class="field field--name-uid field--type-entity-reference field--label-hidden"> <!-- THEME DEBUG --> <!-- THEME HOOK: 'username' --> <!-- BEGIN OUTPUT from 'core/themes/classy/templates/user/username.html.twig' --> <a title="View user profile." href="/users/edward" lang="" about="/users/edward" typeof="schema:Person" property="schema:name" datatype="" class="username">Edward</a> <!-- END OUTPUT from 'core/themes/classy/templates/user/username.html.twig' --> </span> <!-- END OUTPUT from 'core/themes/classy/templates/field/field--node--uid.html.twig' --> <!-- THEME DEBUG --> <!-- THEME HOOK: 'field' --> <!-- FILE NAME SUGGESTIONS: * field--node--created--page.html.twig x field--node--created.html.twig * field--node--page.html.twig * field--created.html.twig * field--created.html.twig * field.html.twig --> <!-- BEGIN OUTPUT from 'core/themes/classy/templates/field/field--node--created.html.twig' --> <span property="schema:dateCreated" content="2011-01-31T23:04:20+00:00" class="field field--name-created field--type-created field--label-hidden">Mon, 01/31/2011 - 15:04</span> <!-- END OUTPUT from 'core/themes/classy/templates/field/field--node--created.html.twig' --> <!-- THEME DEBUG --> <!-- THEME HOOK: 'field' --> <!-- FILE NAME SUGGESTIONS: * field--node--field-tags--page.html.twig x field--node--field-tags.html.twig * field--node--page.html.twig * field--field-tags.html.twig * 
field--entity-reference.html.twig * field.html.twig --> <!-- BEGIN OUTPUT from 'themes/danland/templates/field--node--field-tags.html.twig' --> <div class="field field--name-field-tags field--type-entity-reference field--label-above clearfix"> <span class="field_label"><strong>Tags:</strong></span> <ul class="links inline field_items"> <li><a href="/category/tags/information-security" hreflang="en">Information Security</a></li> <li><a href="/category/tags/techpages" hreflang="en">TechPages</a></li> <li><a href="/category/tags/cissp" hreflang="en">CISSP</a></li> <li><a href="/category/tags/resume" hreflang="en">Resume</a></li> <li><a href="/category/tags/tech" hreflang="en">Tech</a></li> </ul> </div> <!-- END OUTPUT from 'themes/danland/templates/field--node--field-tags.html.twig' --> <!-- THEME DEBUG --> <!-- THEME HOOK: 'field' --> <!-- FILE NAME SUGGESTIONS: * field--node--comment-node-page--page.html.twig * field--node--comment-node-page.html.twig * field--node--page.html.twig * field--comment-node-page.html.twig x field--comment.html.twig * field.html.twig --> <!-- BEGIN OUTPUT from 'core/themes/classy/templates/field/field--comment.html.twig' --> <section class="field field--name-comment-node-page field--type-comment field--label-hidden comment-wrapper"> </section> <!-- END OUTPUT from 'core/themes/classy/templates/field/field--comment.html.twig' --> <!-- THEME DEBUG --> <!-- THEME HOOK: 'links__node' --> <!-- FILE NAME SUGGESTIONS: x links--node.html.twig x links--node.html.twig * links.html.twig --> <!-- BEGIN OUTPUT from 'core/themes/classy/templates/content/links--node.html.twig' --> <!-- END OUTPUT from 'core/themes/classy/templates/content/links--node.html.twig' --> Mon, 31 Jan 2011 23:04:20 +0000 Edward 3 at https://www.edwardfrye.com