Security Blog
Practical insights, emerging risks, and clear guidance for building stronger cyber resilience.
The 2025 OWASP Top 10: What Changed
New categories, retired risks, and why supply chain and error handling now share the spotlight with classic web app flaws.
Recent Briefings
The 2025 OWASP Top 10: What Changed
New categories, retired risks, and why supply chain and error handling now share the spotlight with classic web app flaws.
Vulnerability Scans and Server Headers
Why response headers show up in reports, when they matter, and how to trim noisy findings on platforms like Windows IIS.
Vulnerability Scans and TLS
SSL and TLS version and cipher issues are common in scan output—here is when they are a real risk versus report noise.
Active Directory on Steroids
A Monash University-inspired model that builds on Microsoft's enterprise access model for granular AD controls.
ASD Cyber Threat Report 2025 Recap
Cost of cybercrime, identity and BEC as entry points, and what the numbers suggest by business size.
Pro Bono Cyber Security
How we support charities and not-for-profits serving underprivileged communities, inspired by partners like Project Black.
Are the ASD's Top Four Still on Top?
From 2015 ACSC stats to today: what the Top Four were designed to stop—and how they fit alongside the Essential Eight.
Revisiting the Commonwealth's Cyber Posture
Coverage of cyber security goals across Australian Government entities ahead of the next Commonwealth posture report.
Access Control and Why It's Broken
Why access control stays at the top of the OWASP list and what goes wrong when apps blur roles, objects, and privilege boundaries.
Microsoft 365 Essentials for Admin Accounts
Treat admin identities as crown jewels: hardening, segmentation, and why losing one account can make headlines.
Microsoft 365 Business Licenses Explained
Basic, Standard, and Premium compared—what you get, security differences, and how to avoid overpaying for the wrong tier.
Talk to us about
your next assessment
Whether you are scoping a test, preparing for an audit, or building a roadmap, we keep the conversation clear, proportionate, and focused on what your teams and stakeholders need.