Applied security

applied security

Cossack Labs Blog

4 Apr 2019

Building Defence in Depth for Your Data Using Acra

How to protect the data in your app infrastructure using the defence in depth approach, explained on the example of Acra encryption suite.

database security Acra applied security development SQL Web backend security series postgresql

Read more...


13 Feb 2019

Preventing SQL Injections When WAF’s Not Enough

Using SQL firewall to protect database against SQL injections at scale as compared to WAF.

applied security database security Acra firewall SQL backend security series

Read more...


22 Jan 2019

On Blockchain and GDPR

Blockchain solves several technical challenges. Sadly, while it can be helpful, using it won't make your product automatically secure or GDPR-complaint.

applied security GDPR blockchain

Read more...


15 Nov 2018

What Do We Really Need to Encrypt. Cheatsheet

What data is sensitive and needs to be encrypted according to the modern data privacy regulations like GDPR, HIPAA, FFIEC, etc.? This is a cheat sheet and an explanation of how we approach answering these questions.

applied security howto database security GDPR

Read more...


20 Sep 2018

GDPR for Engineers: Implementing Rights and Security Demands

Mapping data privacy regulation to changes in database structure, updates in DevOps practices, backups, and restricted processing. A methodical developer’s perspective.

applied security database security GDPR

Read more...


16 Aug 2018

Poison Records in Acra – Database Honeypots for Intrusion Detection

How we detect massive data leaks and firewall exfiltration in Acra.

applied security database security Acra intrusion detection

Read more...


13 Dec 2016

12 and 1 ideas on how to enhance backend data security

Previously, we’ve talked about classic design patterns in backend data security and about key management goals and techniques. In this article, we'll discuss how modern approaches differ and shed light on our solutions. Updated in 2019

applied security backend security series database security

Read more...


26 Oct 2016

Why making Internet safe is everyone’s responsibility

... not the security vendors, nor government or big corporations can solely fix the current state of things. It's everybody's duty and the earlier we understand it - the better.

applied security Web

Read more...


21 Sep 2016

Backend data security: Key management 101

Second article in series, Key Management 101 will talk about basic key management concepts, goals and methods to achieve them. 

backend security series applied security howto cryptography database security

Read more...


15 Aug 2016

Classic backend security design patterns

In the upcoming series of articles, we'll ascend from classic database security techniques to the modern technologies, including some cutting edge research data and our own experiments.

applied security howto backend security series database security

Read more...

All posts

Previous Previous

Copyright © 2014-2019 Cossack Labs Limited
Cossack Labs is a privately-held British company with a team of data security experts based in Kyiv, Ukraine.