Transparent data encryption for SQL databases with Acra 0.93
Fully transparent encryption of sensitive fields is possible with open source Acra 0.93 release. Acra works on SQL protocol level, hiding details from developers and reducing encryption integration cost. Learn how it works under the hood.
Acra 0.90.0: application level encryption and searchable encryption for any SQL and NoSQL databases
We are pleased to announce the Acra Community Edition 0.90.0 release, which makes a broad set of security features, including database encryption, searchable encryption, and encryption-as-a-service API available for any developer.
Themis 0.13.0 Is Released
New Themis Release: 0.13.0 # Today, the Cossack Labs team is proud to announce Themis 0.13.0 release. Themis is a high-level “boring” cryptographic library that gives developers easy-to-use hard-to-misuse blocks to solve 90% of typical crypto use cases for web and mobile apps. New update makes storage encryption easier to use and introduces Kotlin for Android support (which becomes the 14th officially supported language). You can find latest source code in the GitHub repository.
Releasing Themis 0.12.0 # The new version is out – please meet our encryption library Themis 0.12.0. Coincidentally, it supports 12 languages/platforms now. In this release, we’re added WasmThemis that allows using Themis in WebAssembly apps , introduced a way to install Themis on Windows (still an experimental feature), improved packaging and platform compatibility (welcome Go Modules !), and added extra safety checks and a few tricky bug fixes.
Install Acra 1-Click App through DigitalOcean Marketplace
Cossack Labs has recently joined the DigitalOcean Marketplace family following our mission to make high-end security tools available to the general developer audience in a convenient fashion. Acra encryption suite is one of the first data security and encryption tools on DigitalOcean Marketplace and it is now available as 1-Click App running in DigitalOcean Droplet . Acra provides selective encryption, multi-layered access control, SQL firewall (SQL injection prevention), database leakage prevention, and intrusion detection capabilities as server deployed in your infrastructure (on prem or in cloud).
Acra on DigitalOcean Marketplace
We always strive to make high-end security tools available to general developer audience in a convenient fashion. Only by making data security accessible, we can ensure real security of sensitive data everywhere. As another step towards our mission, we are proud to announce that Acra encryption suite is now available as 1-Click App running in a Droplet on DigitalOcean Marketplace . DigitalOcean is known for its caring attitude towards development teams of any size.
New Themis 0.11.1
New Themis is greatly improved and sparkly with additions. We are proud to introduce Rust-Themis – full support of Themis for Rust. Rust-Themis works with all four crypto-systems: Secure Cell for storing data securely, Secure Message for encrypting and signing envelopes, Secure Session for encrypting session communications and Secure Comparator for zero-knowledge authentication. All Rust-Themis components can be installed from crates.io . Jump to the Rust How-To guide to learn more.
ACRA 0.85.0 LOOKING GLASS
New Acra 0.85.0 brings the expanded functionality we’ve announced during the release of Acra 0.84.0. We’ve added server-side encryption mode which allows integrating Acra without altering the client application code. It’s called AcraServer’s Transparent proxy mode and allows you to configure AcraServer to parse SQL queries and to encrypt values designated for specific database columns. Transparent encryption mode is useful for large distributed applications where updating the source code of each client app separately would be complicated.
How to build an SQL Firewall
Building AcraCensor transparent SQL firewall There are two main ways to mitigate SQL injections: inside the app (using prepared statements, stored procedures, escaping) and outside the app (using Web Application Firewalls or SQL firewalls). WAFs analyse web and HTML traffic using rule sets based on regexs and are good for covering the known vulnerabilities. SQL firewalls sit closer to the database, analyse SQL statements for potentially malicious content, which makes them more flexible in SQL injections prevention.
Looking Back at 2018 — A Year in Retrospect
2018 was as exciting as it was busy — 7 new versions of Acra Open Source accompanied by Acra Live Demo and Acra Engineering Demo, launch of DGAP security consulting and security training services, over a dozen articles in the blog and Medium, a whole new Documentation Server, talks at conferences all over the world, and many more interesting events. Stats According to our GitHub statistics, 2018 resulted in:
ACRA 0.84.0 NEW HORIZONS
The main new features of Acra 0.84.0 are based around the DevOps’ needs – they eliminate the need to have a deep knowledge of secure development and cryptography to protect your data using Acra. Logs, metrics, and full-scale tracing will help during the deployment and usage of Acra. You can export them to your favourite tools (i.e. ELK, Prometheus, Jaeger) and monitor Acra’s load, performance, and behaviour, in real-time. Great things are planned for the next few releases.
ACRA 0.83.0 RELEASE
As the days were getting shorter, our pull requests were getting longer, and here we are now, proud to present Acra 0.83.0. Its distinctive new feature is the AcraRotate utility, which allows you easily rotate the storage keys on a regular basis or perform an emergency key rotation if you’ve detected (or suspect) a compromise of the client app. SQL filtering got more flexible — the new 6 patterns (including SUBQUERY and LIST_OF_VALUES) allow deep customisation for configuring the accepted queries and blocking malicious requests.
ACRA 0.82.0 IS OUT!
Summer moves on, Acra improves. This corridor of eclipses and Mercury retrograde gave life to the new version of Acra. Whole lotta updates to the already existing infrastructural elements. What else is new? AcraTranslator, for that matter — a lightweight server that receives AcraStructs stored anywhere and returns the decrypted data. Previously Acra was closely tied to the database infrastructure, but AcraTranslator is a tool that allows storing AcraStructs wherever it is convenient — as cells in a database or as files in a file storage (local or cloud storage, like AWS S3).
MEET ACRA 0.81.0
ACRA 0.81.0 RELEASE All the terrible things like lunar and solar eclipses, Mercury retrogrades, and PHP code refactoring will come later — this Friday is fully dedicated to the new release of Acra. In Acra 0.81.0 we’ve concentrated our efforts on improving the overall SQL handling, especially when it comes to SQL injection prevention, and teaching Acra’s “firewall” AcraCensor a few new tricks. If you’ve had troubles integrating some 3rd party WAFs into your infrastructure, Acra now might offer you a simpler, trouble-free solution.
ACRA 0.80.0 IS HERE
ACRA 0.80.0 RELEASE This release is dedicated to usability and unification. Many components of Acra have been renamed. We believe that the updated names will decrease confusion about the components' functions and will make Acra's setup and usage process easier. The new names also align better with the common package naming practices. We couldn’t find a day inauspicious enough to release Acra 0.80.0, but decided that that last day of spring is still quite special :) Here are the changes in the new release:
ACRA 0.77.0 RELEASE
ACRA 0.77.0 RELEASE Sticking to our tradition of rolling out new releases on conspicuous dates, we’re presenting Acra 0.77.0 on Friday 13th, Mercury retrograde. The changelog for the new Acra release was 3 pages long, so we’ve decided to spare you the details here (but you can always read the changelog in full in the Cossack Labs GitHub repository if you want to). Here are the main changes in the new release:
ACRA 0.76 IS OUT NOW!
ACRA 0.76 RELEASE The spring and change are in the air! After a year in testing by early adopters (Acra 0.75 was released 1 year 5 days ago), we’re starting to push new features into the open-source version of Acra. 0.76 is a stability release, which unifies a lot of things “under the hood”: module interfaces, test automation, API, connection schemes — everything we need to gradually unveil & plenty of new exciting features we’ve prepared based on the user feedback.
Releasing Themis 0.10.0
THEMIS 0.10.0 RELEASE We couldn’t hold out till St. Valentine’s Day, so we’re releasing the love and all the hard work put into the new version of Themis today. Themis 0.10.0 is out and there is no turning back as this release introduces breaking changes. If you are using Themis on x64 systems, consider upgrading every Themis library/wrapper you were using to 0.10.0. Incompatibility issues may arise between previous Themis versions and 0.
Themis 0.9.6 release
THEMIS 0.9.6 RELEASE One release a week is good, two releases is better still. After releasing Hermes-core 0.5.1 PoC yesterday, following the good tradition of releasing on the 13th day of the month, we’re releasing Themis 0.9.6 today. The main feature of this release is adding support for OpenSSL 1.1. The rest of the update details are as follows: Docs: Significant update of the Contributing section in Wiki.
Hermes by Cossack Labs Cossack Labs release a proof of concept version of Hermes — a framework for cryptographically assured access control and data security. A PoC reference implementation of Hermes is Hermes-core 0.5.1, the source code and accompanying documentation of which become available on December 13, 2017. What is Hermes Hermes is a cryptography-based method of providing protected data storage and sharing that allows enforcing cryptographically checked CRUD permissions to data blocks and doesn't let server that's running Hermes do anything worse than DoS.
Themis 0.9.5 release
THEMIS 0.9.5 RELEASE Strategic planning, respect for traditions, and a consultation with our in-house astrologer led to an imminent release of Themis 0.9.5 on Wednesday 13, the 256th day of the year a.k.a. the International Developer’s Day. The update focuses on crystallizing conveniences, niceties and compatibility fixes that have been around for some time now. Here is the list of improvements: Infrastructure: You can now download pre-built Themis packages from our package server.
Introducing Acra If you are concerned about data security, this means confronting a threat landscape that requires vigilance and defence against a wide range of attacks. One of the prime targets for attack continues to be sensitive data that is stored in backend database storage. From simple discovery of unsecured databases, through classic SQL injection techniques, to compromised infrastructure that allows wholesale copying of database content, attacks focus on data assets with increasing precision.
Themis 0.9.4 release
Why feel cold when happiness and laughter of your colleagues might make any evening warm and happy. Yesterday our team gathered to release Themis 0.9.4, and so did we. Take a look at the updates: BoringSSL support on Android and Linux Fixed some leaks and code styling problems (thanks to @bryongloden) Memory management updates for stability in languages, which rely on GC Fix Themis build errors under certain conditions Swift3 support + numerous enhancements from @valeriyvan
Introducing Themis 0.9.3
More than half of the year has passed since the last release and we have done a lot to make Themis better. Here is what we have updated: Infrastructure: Lots of new high-level language wrappers Enhanced documentation We have added lots of various demo projects Updated Themis Server Better make system verbosity (now you can see what succeeded and what didn't) Infrastructure to build Java on all platforms. Code: iOS wrapper now has umbrella header.
Introducing Themis Server
Intro Themis server is a sandbox for developers, who want to test Themis features without spending too much time and effort. You don’t have to deploy client and server, as you can find it on themis.cossacklabs.com and dive straight into using library, with handy examples. Themis server gradually evolves, so some slight differences in button placement are possible over time (as they happen at the time of writing), yet core functions will remain unchanged.
WebThemis: proper crypto for modern Web
What is WebThemis WebThemis enables web app developers to build browser applications with strong cryptographic services, provided by Themis cryptographic library. Currently, WebThemis works in Google Chrome as PNaCl module; it can be loaded during a regular web session, or used as a library within Chrome App. WebThemis provides main Themis cryptographic services: Secure Cell: a multi-mode cryptographic container, suitable for storing anything from encrypted files to database records and format-preserved strings.
Introducing Themis 0.9.2
For the release 0.9.2 of Themis, we did a lot of minor and a few major changes: Infrastructure: Much better documentation. Updated documentation reveals Themis Server, helpful associate for Themis library: a server where you can see current project status and try out different encryption techniques in your app with server as second party. Official tutorial will follow up soon. All platforms and languages are fully covered in tests now
Building encrypted chat service with Themis and mobile websocket example
Introduction Imagine you'd like to build your own chat server, which allows clients to exchange messages safely. You have a simple infrastructure consisting of a server written in Ruby and clients for iOS and Android. This is exactly what the famous Mobile websocket example provides. We have modified it to illustrate how simple it is to add security features using Themis. In this tutorial, we'll try to preserve as much of it's simplicity and architecture as possible, but add cryptographic protection.
Releasing Themis into public: usability testing
How we did usability testing for Themis when releasing the open source library into public. When we were ready to release Themis, we've gathered a few colleagues and decided to make a test run on unsuspecting developers - how would the library blend into their workflows? 1. Introduction While usability testing for user-centric applications has it's own distinct techniques, standards and frameworks, this is not so typical for a relatively complex and technical library aimed at developers and spanning multiple languages and platforms.
We are proud to present Themis, a novel cryptographic services library. Every good work of software starts by scratching a developer's personal itch. (The Cathedral and the Bazaar) What is Themis? Themis is a high-level cryptographic services library: a library that provides easy to use, highly abstracted set of functions for solving real-world security problems. We would like you to focus on building your software with security taken care of by professionals, instead of scrupulously assembling the building blocks of cryptosystems, resolving implementations, platform availability, vulnerabilities, and performance constraints yourself.