How to prevent SQL injections when a WAF is not enough
Can a WAF prevent SQL injection? What is the biggest threat to a tool that prevents unauthorised database access? Requests from the application side that trigger data leakage: SQL injections and other application attacks that let an attacker craft custom SQL queries. How can we prevent that? The standard industry response is obvious: input sanitization, web application firewalls (WAFs), and prepared statements are typically used to address these concerns.
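The contrast the excerpt draws, shown as an added example (not code from the article or from Acra): a deliberately vulnerable string-built query, a toy blocklist rule standing in for a WAF signature, and the same lookup as a parameterized statement. The users table, its rows, the filter rule and both payloads are constructed for this example; SQLite is used only because it ships with Python.

```python
import re
import sqlite3

# Constructed sample rows for this example; not data from the article.
USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("carol", "carol@example.com"),
]

# Toy stand-in for a WAF rule: block input that looks like a boolean-logic injection.
# Hypothetical rule written for this example; real rule sets are far larger but share
# the structural weakness shown below (they match text, not query structure).
BLOCKED = re.compile(r"\s(or|and|union)\s", re.IGNORECASE)


def make_db():
    """In-memory SQLite database seeded with the constructed USERS rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (name, email) VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def naive_filter_allows(user_input):
    """Return True if the toy WAF rule lets the input through."""
    return BLOCKED.search(user_input) is None


def find_email_vulnerable(conn, name):
    """Deliberately vulnerable: the user-supplied name is spliced into the SQL text,
    so a quote in the input changes the structure of the statement."""
    sql = "SELECT email FROM users WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(sql)]


def find_email_safe(conn, name):
    """Parameterized: the statement is fixed and the driver binds the value separately,
    so the input can only ever be compared against the name column."""
    rows = conn.execute("SELECT email FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def lookup_behind_filter(conn, name, query_fn):
    """Simulate a WAF in front of the application: drop filtered input, else run query_fn.

    Returns None when the perimeter rule blocks the request."""
    if not naive_filter_allows(name):
        return None
    return query_fn(conn, name)


if __name__ == "__main__":
    conn = make_db()
    textbook = "' OR '1'='1"        # caught by the whitespace-based rule
    evasive = "'/**/OR/**/'1'='1"   # SQL comments stand in for the whitespace the rule expects
    print("textbook payload blocked:", lookup_behind_filter(conn, textbook, find_email_vulnerable) is None)
    print("evasive payload, vulnerable query:", lookup_behind_filter(conn, evasive, find_email_vulnerable))
    print("evasive payload, prepared statement:", lookup_behind_filter(conn, evasive, find_email_safe))
```

The comment-based payload is a standard evasion for rules that key on whitespace around keywords; the point is that the parameterized query does not care which payload arrives, because the statement's structure is fixed before the value is bound, while the filter has to anticipate every way the same SQL can be spelled.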
Blockchain & GDPR: dos and don'ts while achieving compliance
On blockchain and GDPR As cryptographers who develop data security tools that heavily involve cryptography (surprise, surprise), we get asked a lot of questions about "crypto". Unfortunately, not "cryptozoology"* crypto, but neither is it cryptography. Very often it is about blockchain. More and more tools claim "unprecedented levels of security" or "GDPR compliance & security by design" when their security design is based on blockchain and distributed consensus systems.
Thank You for Contributing and Using Themis in 2018
We believe that everyone should be able to create secure applications and protect users' privacy. That's why our main cryptographic components are open source and developer-friendly. But open source would be nothing without external contributions and feedback from users. We would like to publicly celebrate our open-source contributors and users who challenged us to make our open-source offerings more robust by asking hard questions, pointing out usability problems and potential usage patterns we were not aware of before.
Hiring External Security Team: What You Need to Know
In our company, we've succeeded in clearly articulating the deliverables of our products and consulting projects. Building a network of great partners and delegating work outside our primary competencies to them helps both parties concentrate on what we're best at. However, there are a lot of challenges in distributing the work between different types of security specialists. A large part of the market is still struggling to show viable differentiation to a customer looking to mitigate various infosec-related risks.
How to Implement Tracing in a Modern Distributed Application
Distributed tracing is incredibly helpful during the integration and optimisation of microservice-rich software. Before implementing tracing as a publicly available feature in the latest version of Acra, we did some research to catch up with current industry standards in tracing protocols and tools. In this article, we explain why tracing is so useful and how you can benefit from using it in your projects.
GDPR for software developers: implementing rights and security demands
A methodical software developer's perspective on mapping privacy regulations to changes in the database structure, updates in DevOps practices, backups, and restricted processing. GDPR and software development After two years of fearful anticipation, GDPR is finally here, in full effect starting May 25, 2018. A considerable number of clients who've entrusted their data to our solutions keep asking questions related in one way or another to GDPR.
Poison Records in Acra: Database Honeypots for Intrusion Detection
Poison Records in Acra Intro When naming our special type of data containers created for raising an alarm within Acra-powered infrastructures, we were sure we had seen the term "poison records" used elsewhere in the same context. This particular technique, shipped as part of an out-of-the-box solution, was first offered by us (if it wasn't, let us know! We'd like to know more about its backstory :)). In a way, poison records are very much like passive honeypots, but their mechanics are completely different.
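The honeypot analogy above, shown as an added example that is not Acra's code and not the poison-record mechanism the article goes on to describe (this excerpt does not explain it): a single honeypot row planted in a users table, with a query wrapper that raises an alarm whenever that row shows up in a result set. Legitimate point lookups never return it; a bulk read caused by an injection or a compromised client does. The table, rows, marker format and the GuardedDB wrapper are all constructed for this example.

```python
import secrets
import sqlite3


class PoisonRecordTriggered(Exception):
    """The honeypot row showed up in a result set: treat it as an intrusion alarm."""


def alarm_fires(fn, *args):
    """Helper for the demo: True if calling fn(*args) raises the poison-record alarm."""
    try:
        fn(*args)
    except PoisonRecordTriggered:
        return True
    return False


class GuardedDB:
    """Constructed example database whose every result set is checked for the poison row.

    The poison row carries an unpredictable marker that no legitimate record shares,
    so any statement that returns it has read data the application never asks for.
    """

    def __init__(self):
        self.conn = sqlite3.connect(":memory:")
        self.conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
        # Constructed sample rows for this example; not data from the article.
        self.conn.executemany(
            "INSERT INTO users (name, email) VALUES (?, ?)",
            [("alice", "alice@example.com"), ("bob", "bob@example.com")],
        )
        # Poison record: random marker, so an attacker cannot recognise and skip the row.
        self.marker = "poison-" + secrets.token_hex(16)
        self.conn.execute(
            "INSERT INTO users (name, email) VALUES (?, ?)",
            (self.marker, self.marker + "@invalid"),
        )
        self.conn.commit()
        self.alarms = []  # statements that tripped the alarm, for the incident log

    def query(self, sql, params=()):
        """Run a statement and inspect its rows before handing them to the caller."""
        rows = self.conn.execute(sql, params).fetchall()
        for row in rows:
            if any(isinstance(v, str) and self.marker in v for v in row):
                self.alarms.append(sql)
                raise PoisonRecordTriggered("poison record returned by: %s" % sql)
        return rows


def lookup_email(db, name):
    """Legitimate application path: a point lookup that never touches the poison row."""
    return [r[0] for r in db.query("SELECT email FROM users WHERE name = ?", (name,))]


def dump_emails(db):
    """What a successful injection or a compromised client does: read the whole table."""
    return [r[0] for r in db.query("SELECT email FROM users")]


if __name__ == "__main__":
    db = GuardedDB()
    print("alice ->", lookup_email(db, "alice"))
    print("table dump trips alarm:", alarm_fires(dump_emails, db))
    print("alarm log:", db.alarms)
```

The check is passive in the sense the excerpt uses: the row does nothing on its own and costs nothing until something reads it. Which exact row counts as poison, where the check runs (here, a wrapper in the application; in a real deployment, a proxy between application and database is the natural place), and what the alarm does are deployment decisions the example leaves as simple as possible.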
How to reduce Docker image size (Example)
Need for Docker image reduction To provide convenient delivery and faster deployment of our tools, just like everybody else, we use Docker. This article describes our experience of using containers for distribution of our product Acra (database encryption suite) and focuses on the method we used to reduce the size of Docker images by approximately 62-64 times. It's not like we've made a revolutionary discovery, but as developers we found it interesting to trace the steps from packaging a product into a container to trimming it down to a small Docker image.
Moving to OpenSSL 1.1.0: How We Did It
This article was published in 2018 about R&D work which resulted in a stable production release of Themis that now uses OpenSSL 1.1.1g. If you're a developer dealing with cryptography for your app, consider using high-level cryptographic libraries like Themis instead of OpenSSL. There is no need to struggle with OpenSSL if your goal is to protect users' data. Moving to OpenSSL 1.1.0 Besides introducing breaking changes by abandoning backward compatibility on x64 systems, the recent version of Themis (Themis 0.
Social Events of Spring-Summer 2018 for Cossack Labs
Late April through late June of 2018 was quite a hot time for the Cossack Labs team: we were actively developing our products, releasing feature after feature for Acra and Themis, and also participated in, spoke at, and hosted a number of conferences, meetups, and workshops. Want to see what it takes for an R&D team to actively participate in a conference circuit? Read on. 21/04 BSides Kyiv, Ukraine The BSides Kyiv security conference kicked off the series of social events for Cossack Labs this quarter.