• #security on software development security and web security, security best practices and discussions, break-ins and countermeasures. Everything you ever wanted to know about software security but were afraid to ask, for fear of not understanding the answer!

Passwords and other secrets in source code

Passwords and other secrets in source code

Secrets are bad. Secrets in source code are an order of magnitude worse. Secrets are difficult to protect. Every attacker goes after the secrets and we must protect our secrets against all of them. The secrets are the valuable part of our software and that’s why they are bad – they represent an area of ...

Read More

Security Forum Hagenberg 2015

I will be talking about the philosophy in engineering or the human factor in the development of secure software at the Security Forum in Hagenberg im M├╝hlkreis, Austria on 22nd of April. https://www.securityforum.at/en/ My talk will concentrate on the absence of a holistic, systemic approach in the current software development as a result of taking ...

Read More

House key versus user authentication

I got an interesting question regarding the technologies we use for authentication that I will discuss here. The gist of the question is that we try to go all out on the technologies we use for the authentication, even trying unsuitable technologies like biometrics, while, on the other hand, we still use fairly simple keys ...

Read More