applied security

Cossack Labs Blog

15 Aug 2016

Classic backend security design patterns

In the upcoming series of articles, we'll ascend from classic database security techniques to the modern technologies, including some cutting edge research data and our own experiments.

Read more...


27 Jul 2016

Zero Knowledge Protocols without magic

In this post, we talk about Zero-Knowledge Proofs, tie ZKP authentication to traditional security models and help you understand better how authentication, in general, should work. 

Read more...


20 Jul 2016

Perimeter security: avoiding disappointment, shame and despair

Lighter reading: general thoughts on how the familiar mindset of 'protect the perimeter' changed over time.

Read more...


23 May 2016

Choose your Android crypto (Infographic)

This blog post features infographic on how to choose cryptographic frameworks when developing Android apps and adds a few notes about Native/Java crypto.
 

Read more...


30 Mar 2016

Crypto in iOS: Choose your destiny (Infographic)

This blog post features infographic on how to choose crypto when developing iOS apps. It's always useful to put tool choice in context of causes (goals) and effects. This is what we've tried to do in this post. 

Read more...


3 Mar 2016

What's wrong with Web Cryptography

Threats you may face when implementing cryptography within your web application JS way.

Read more...


26 Nov 2015

Why we need novel authentication schemes?

Current technological advancements in authenticating users seems to be sufficient for most cases. However, taking a more detailed look reveals weaknesses and tradeoffs in all existing authentication schemes. Before explaining the methodology and cryptography behind Secure Comparator, our authentication protocol, we wanted to outline reasons for developing it in a brief review of existing authentication methods.

Read more...


28 Oct 2015

Why you should avoid SSL for your next application

TL;DR: SSL is huge, inefficient, complex and may present plenty of security threats. For most platforms, it's the best we've got. For some, where it can be configured properly - it's lifesaver. For many - it's the illusion of security. Let's see what applies to your application.

Read more...

All posts

Previous Previous