Development

development

Cossack Labs Blog

4 Apr 2019

Building Defence in Depth for Your Data Using Acra

How to protect the data in your app infrastructure using the defence in depth approach, explained on the example of Acra encryption suite.

database security Acra applied security development SQL Web backend security series postgresql

Read more...


22 Nov 2018

How to Implement Tracing in a Modern Distributed Application

A battle-tested explanation of why tracing is a very useful technique you can benefit from in your projects. A story from the trenches of implementing distributed tracing in our Acra data security suite.

howto development tracing Acra DevOps

Read more...


29 May 2018

Reducing Docker Image Size for Acra

We tried out and described a few approaches to reducing the size of Docker images for the components of our database encryption suite Acra. As a result, we found a way to reduce the container size by roughly 62 times.

howto Docker development Acra

Read more...


23 Nov 2017

Auditable Macros in C Code

Turning macros into auditable C code in a highly parameterised cross-platform cryptographic library Themis with a help of preprocessor customization.

Themis development cryptography

Read more...


21 Sep 2017

Replacing OpenSSL with Libsodium

The second article in a series of three that covers our experiments with different sources of crypto primitives for Themis. This time we tested its multi-platform capabilities with Libsodium.

cryptography OpenSSL Libsodium Themis development

Read more...


6 Mar 2017

Importing with ctypes in Python: fighting overflows

Best cases of boring technical debt are understood when reflected properly. This post addresses a simple one: inelegant flags in core C library ended up breaking Python tests. This is no small case to us: tests breaking sometimes might end up in things seeming to work, but not really working. Not something you can afford yourself when you're doing cryptography, do you?

Themis development Python

Read more...


28 Feb 2017

Plugging leaks in Go memory management

Investigating memory leaks can be fun, sometimes. Sometimes it might even teach you a few lessons in how the language you know and like actually works.

development Go Acra

Read more...


23 May 2016

Choose your Android crypto (Infographic)

This blog post features infographic on how to choose cryptographic frameworks when developing Android apps and adds a few notes about Native/Java crypto.
 

Themis cryptography infographic applied security howto Android development

Read more...


7 Apr 2016

Benchmarking Secure Comparator

This post summarizes our experiences of testing Secure Comparator as an authentication mechanism for HTTP.

While we were planning, designing and implementing Comparator, real infrastructure in which it has to function (letting Toughbase instances without shared trust to be able to exchange records and request personal data safely) was very far from being ready, but we wanted to understand how good it was for some practical applications. So we chose the obvious - seeing how SC could work as HTTP authentication mechanism.

Themis development cryptography Secure Comparator

Read more...


30 Mar 2016

Crypto in iOS: Choose your destiny (Infographic)

This blog post features infographic on how to choose crypto when developing iOS apps. It's always useful to put tool choice in context of causes (goals) and effects. This is what we've tried to do in this post. 

Themis cryptography infographic iOS applied security howto development

Read more...

All posts

Previous Previous

Copyright © 2014-2019 Cossack Labs Limited
Cossack Labs is a privately-held British company with a team of data security experts based in Kyiv, Ukraine.