Practical OAuth security guide for mobile applications
How to implement OAuth in the context of mobile applications while avoiding security pitfalls? Practical steps on fortifying OAuth flow with PKCE, state parameter, managing secure redirections, and focusing on critical aspects during OAuth assessment in mobile environments.
Security tips on using YubiKey and FIDO U2F
Designed for securing online accounts, FIDO U2F as a protocol and YubiKey as a hardware tool are not silver bullets. If not used wisely, this powerful combo becomes an attractive target in the hands of skilful attackers.
Flutter application security considerations
Ensuring security in cross-platform development with Flutter: Pros and cons, platform-specific security risks, fundamental security recommendations for using Flutter effectively and avoiding pitfalls.
Digital payment security: Architecture guide
Building secure digital wallets is a challenge when it comes to balancing between convenience and security. How can we build secure payment solutions that meet the needs of fintech users and effectively protect their assets?
How to prevent digital wallet fraud
Understanding digital wallet fraud is critical for designing and integrating an effective anti-fraud solution. Read about security events, risk models, remote device attestation, user authentication, KYC, trade-offs, and many more.
Exploring security vulnerabilities in NFC digital wallets
NFC-based devices, such as mobile digital wallets, contactless smart cards, and security keys (hardware authentication devices), are exposing users to NFC vulnerabilities in encryption, replay and side-channel attacks.
Smart contract security audit: tips & tricks
Smart contract security audit is very different from traditional application security audit. Smart contracts are immutable, they interact with each other and transfer user funds between accounts. Unique threat landscape brings unique challenges.
Transparent data encryption for SQL databases with Acra 0.93
Fully transparent encryption of sensitive fields is possible with open source Acra 0.93 release. Acra works on SQL protocol level, hiding details from developers and reducing encryption integration cost. Learn how it works under the hood.
Introduction to automated security testing
Keep your code shipshape and reduce vulnerabilities with automated security testing. Delve into ways and tools of software security testing that developers and platform engineers can set up and automate to make apps more secure.
Cryptographic failures in RF encryption allow stealing robotic devices
Stunned by losing their robotic devices, [REDACTED] learnt that they were hijacked by attackers even with communication being encrypted. Having researched its firmware and found numerous cryptographic failures, we've crafted a few demos on how cryptography goes wrong in real life.