
DanspilS


Information Security (InfoSec) Architect


  1. C4 threat modelling this website

    My previous post looked at producing a C4 model for my (simple) website. This post takes that a step further and looks at how we can use C4 modelling to elicit security and privacy threats using two frameworks: …


  2. C4 modelling this website

    This site has been around for a few years now and has changed significantly, mainly from an infrastructure perspective, over that time. That can be done as the site gets very few hits so I can use it to test features and experiment without worrying about outages. …


  3. BBC Application Security (AppSec) Blog

    Here’s a review of the work that I did during 2019 whilst working for the BBC (under the heading Application Security (AppSec)): …


  4. PiHole with DNS over HTTPS (DOH)

    A few people I know have set up PiHole ad blocker and really rave about it so I thought it was worth a look. The basic setup I used was as per the instructions on their website, appended with Dingo DNS over HTTPS (DoH) and with a Let’s Encrypt web admin https cert installed. This page is effectively my build guide documented so that it may help anyone else looking to do the same but also in case I ever need to rebuild it! …


  5. Cloudflare wildcard certificate issuance and CAA weirdness

    As some of my other posts discuss, there are a number of security features that I trial using this site. One of those is SSL/TLS certificate based, where I set a CAA record in my DNS. A CAA record tells all Certificate Authorities (CAs) who is allowed to issue a certificate for a domain, which is quite a powerful feature for mitigating issues where CAs go rogue or get hacked. …


  6. site architecture and construction

    This site is now in v3. v1 was EC2 hosted in AWS and served via nginx because that was the only way that I could serve Content Security Policy (CSP) headers. Using a CDN, Cloudfront or Cloudflare, meant that my headers would be stripped which was not cool. …


  7. Lambda@Edge

    CSP for AWS Cloudfront Lambda@Edge …


  8. Data engineering: building security capability for modern business

    Here’s a blog that I had published whilst working for HMRC: …