Laurens van der Blom

Principal IT Architect. Security professional (CISSP, CCSP). Fitness/bootcamp guru. Obstacle runner. Ski lunatic.


2021-11-04 - Write-Up: Intigriti Challenge 1021
This post is a write-up for the Intigriti Challenge 1021, which involves finding an XSS vulnerability on a specially crafted webpage.
2020-02-16 - OpenSSL and validation of self-signed certificates
There is an issue regarding OpenSSL not being able to validate self-signed certificates without the correct flags set. I found out the hard way when experimenting with HTTPS and client authentication in my environment. There is a (temporary) workaround that you can use to keep working with self-signed certificates.
2020-01-01 - Happy, healthy and secure 2020!
2019 has been a busy year. Lots of work done, participated in lots of sport activities, unfortunately also had some setbacks in a few areas, and most of all: successfully achieved my CISSP certification! The study for CISSP took a lot of my time. It was a lot of material to go through, and combined with work and sport I had little time left for myself. I was aware I could not do much for my website during this period, despite my intention to keep it up-to-date regularly. On Twitter and other media sources I did follow plenty of information security news and I'm glad to see that it is such an active community with many knowledgeable people who contribute to a better and more secure internet.
2019-02-02 - Disclosing responsibly with responsible disclosure
White hat security researchers, who play an important role in protecting people's digital life and fighting cybercrime, are not always lucky and take pretty big hits when their publications of security risks and vulnerabilities are not appreciated by those responsible for these security risks and vulnerabilities in the first place. They often face legal threats which can be very difficult to fight against. Such things can quickly turn into nightmares for the people involved who simply want to do good for everyone. All the more reason to think about this and how such unfortunate events can be prevented. Luckily, some people have already done that for us. In the course of the past few years there have been some major shifts in the way the publications are handled by governments and companies in a positive way, but we're not there quite yet.
2019-01-01 - Information security: Why is it so important and what can you do?
In order to prevent the continually increasing cybercrime from taking the upper hand, information security must be taken seriously. Otherwise, there could be dire consequences. Blackmailing, identity theft, data breaches and denial of ICT-services have a significant impact on the national and international economy. In this post I'd like to explain why information security is so important, but even more importantly: which kinds of action organisations can undertake to improve their information security in order to turn the odds in their favour in the battle against cybercrime.