Security
Viewing all posts categorized under Security.
The Zero-Trust Security Wave
An in-depth look at zero-trust security strategies, focusing on performance, scaling, and system integration.
Go 1.12: TLS 1.3 Protocol Support, Module Proxies, and GC Sweep Speeds
Analyzing the Go 1.12 release in mid-2019, detailing TLS 1.3 protocol support, module proxy configurations, and GC updates.
Spectre and Meltdown CPU Vulnerabilities: Mitigating Side-Channel Attacks in Web Browsers
Exploring the browser-side mitigations for the Spectre and Meltdown CPU hardware vulnerabilities in early 2018, detailing timer changes.
Web Bluetooth API: Interfacing Browser Client JS with Physical IoT Devices
Analyzing Chrome's native support for the Web Bluetooth API in early 2017. We study Bluetooth GATT profiles, security sandboxes, and characteristics.
HTTPS-Only Web Movement: How Browsers Mark HTTP as Insecure
Analyzing the HTTPS-only web movement of late 2016, detailing Chrome's warnings for non-secure pages and HSTS implementations.
NPM Package Management Security: Deconstructing the Left-Pad Packaging Crisis
Analyzing the NPM left-pad package unpublishing incident of March 2016. We detail dependency caching, lockfile rules, and supply-chain security.
HTTP/2 in Production: Configuring Nginx Reverse Proxy with HTTPS Protocols
A technical guide to configuring Nginx for production HTTP/2 in late 2015, detailing SSL parameters and ALPN negotiation.
Let's Encrypt Public Beta: Automating SSL/TLS Certificate Provisioning via ACME Protocol
Analyzing the Let's Encrypt public beta in late 2015, detailing the Automated Certificate Management Environment (ACME) protocol.
SQL Server Auditing: Monitoring Database Access and Tracking Audit Trails
An engineering guide to configuring database-level auditing in SQL Server 2014, detailing audit specifications and compliance tracking.
The Heartbleed Bug: Technical Analysis and Mitigations for OpenSSL Vulnerabilities
A security post-mortem of the Heartbleed vulnerability in April 2014, detailing OpenSSL heartbeat memory leaks and patch steps.
OAuth 2.0 Authorization Server Implementation: Managing Access Tokens and Refresh Tokens
A design guide to implementing OAuth 2.0 authorization servers in late 2013, detailing database structures and security tokens.
Cross-Site Request Forgery (CSRF): Understanding Tokens and Double-Submit Cookie Mitigations
A security guide to mitigating CSRF attacks in mid-2013. We analyze session hijacks and evaluate anti-forgery token architectures.
Windows Azure AD: Identity Management and Single Sign-On for Enterprise SaaS
Exploring the release of Windows Azure Active Directory in early 2013, detailing federated security, SAML tokens, and SaaS single sign-on integration.
OAuth 2.0 RFC 6749: Standardizing Authorization for Web APIs
An architectural review of the finalized OAuth 2.0 authorization framework (RFC 6749) released in October 2012.
The OWASP Top 10 for 2010: Mitigating SQL Injection and XSS Vulnerabilities
An analysis of the updated OWASP Top 10 vulnerabilities list released in 2010, with step-by-step guidance on preventing SQL injection and XSS.