applied security

Cossack Labs Blog

10 Jun 2020

Swift Way to Build OpenSSL for Carthage iOS, As We Did It for Themis

This story is dedicated to fellow developers struggling with updating Carthage package with the latest OpenSSL for iOS and macOS apps. Here you will find the scripts, error messages, testing matrix, and our working solution for Themis to this no small feat. We believe it could save you time then you meet the same task.

Read more...


2 Apr 2020

What Do We Really Need to Encrypt. Cheatsheet

What data is sensitive and needs to be encrypted according to the modern data privacy regulations like GDPR, CCPA, HIPAA, FFIEC, etc.? This is a cheat sheet and an explanation of how we approach answering these questions.

Read more...


20 Nov 2019

What Should You Drop When You Lift and Shift

When moving to cloud, your threat model changes. Learn how to reallocate your security efforts effectively.

Read more...


28 Oct 2019

Security Engineering Advice: 4 Ways to Prepare for Security Incidents

Don't be afraid of security incidents, prepare to them in advance. Choose the scenario that suits your company and fits your budget.

Read more...


5 Sep 2019

Implementing End-to-End encryption in Bear App

How we helped the Bear note taking app for iOS/macOS, which decided to implement note encryption for their huge existing user base. A story about finding a balance between usability, security, and mobile platforms' restrictions.

Read more...


4 Apr 2019

Building Defence in Depth for Your Data Using Acra

How to protect the data in your app infrastructure using the defence in depth approach, explained on the example of Acra encryption suite.

Read more...


13 Feb 2019

Preventing SQL Injections When WAF’s Not Enough

Using SQL firewall to protect database against SQL injections at scale as compared to WAF.

Read more...


22 Jan 2019

On Blockchain and GDPR

Blockchain solves several technical challenges. Sadly, while it can be helpful, using it won't make your product automatically secure or GDPR-complaint.

Read more...


20 Sep 2018

GDPR for Engineers: Implementing Rights and Security Demands

Mapping data privacy regulation to changes in database structure, updates in DevOps practices, backups, and restricted processing. A methodical developer’s perspective.

Read more...


16 Aug 2018

Poison Records in Acra – Database Honeypots for Intrusion Detection

How we detect massive data leaks and firewall exfiltration in Acra.

Read more...

All posts

Previous Previous