Welcome to the Ministry

Hello, I am Krogoth. My day job is to bother, to pester and to annoy. Every single day I work hard to bring these qualities of mine to perfection.

The Ministry of Zombie Defense is the place where I share my thoughts and musings about all things Information Security.

This is also where I share a few quotes. Like this one:

“A communications disruption can mean only one thing — invasion.”
―Sio Bibble


OWASP CRS block rules in production

Web Application Firewalls (WAFs) are a neat strategy to protect your web servers from malicious connections. All of the WAFs on the market work similarly: you define rules for what you consider good or bad traffic, and the WAF tries to detect attacks based on them. But your WAF will only ever be as good as your rules.

The OWASP CRS

Instead of having to write all your own rules, the OWASP Project has a Core Rule Set (CRS) which you can download for free from their website.

SSL / TLS Scanner

With all the recent bugs in OpenSSL, every security officer needs her SSL / TLS scanning infrastructure to make sure she does not miss a service when updating and fixing everything.

hrafn

Why an SSL / TLS scanner

Running encryption has become a hassle recently, mostly because of four factors. Everybody and the world is using OpenSSL to secure transport to and from (mostly) web applications. OpenSSL has an excellent track record of messing up secure code.