Cossack Labs Blog

23 Mar 2021

Cloud security: gaps in a "shared responsibility" model

"Cloud is secure" is a mistaken belief: deploying an app to a cloud sounds like "risk outsourcing", while in reality it's more like "risk sharing". In this article, we look at the security responsibility of cloud providers: where it ends, what the gaps and grey areas are, and what risks security teams should take into account when using "as a service" platforms.


22 Oct 2020

React Native security: things to keep in mind

In this article, we shed light on React Native apps’ security based on our experience and explain some risks and threats developers should address to prevent typical mistakes.


14 Sep 2020

Security logs: cryptographically signed audit logging for data protection

We cover cryptographically signed audit logging, where logs are generated in a way that prevents tampering with messages and removing, adding, or reordering log entries. We explain why signed logs are essential for security software, how we’ve built secure audit logging into Acra, and how to use it together with other defense-in-depth layers in your systems.


9 Jul 2020

Themis 0.13.0 Is Released

Themis 0.13.0 release: introducing new “encrypt-with-passphrase” API, new API for generating symmetric keys, support for Kotlin for Android, and updated Themis knowledge base.


10 Jun 2020

3 Mistakes to Avoid When Dealing With OpenSSL Versions and iOS Apps

OpenSSL complexity starts with its version string. Apple, Carthage, and some dependency analysis tools have different opinions about it. Here is how we dealt with them and submitted an iOS app to the App Store.


10 Jun 2020

Swift Way to Build OpenSSL for Carthage iOS, As We Did It for Themis

This story is dedicated to fellow developers struggling with updating a Carthage package with the latest OpenSSL for iOS and macOS apps. Here you will find the scripts, error messages, testing matrix, and our working solution for Themis to this no small feat. We believe it could save you time when you face the same task.


2 Apr 2020

What Do We Really Need to Encrypt. Cheatsheet

What data is sensitive and needs to be encrypted according to the modern data privacy regulations like GDPR, CCPA, HIPAA, FFIEC, etc.? This is a cheat sheet and an explanation of how we approach answering these questions.


20 Nov 2019

What Should You Drop When You Lift and Shift

When moving to the cloud, your threat model changes. Learn how to reallocate your security efforts effectively.


28 Oct 2019

Security Engineering Advice: 4 Ways to Prepare for Security Incidents

Don't be afraid of security incidents; prepare for them in advance. Choose the scenario that suits your company and fits your budget.


27 Sep 2019

Themis 0.12.0

Themis 0.12.0 release: full support for WebAssembly/Electron applications plus an experimental installation for Windows!

