SaaS is cool. You get up and running quickly, and get tremendous new capabilities in just a few clicks. Dozens of SaaS products have become popular, and new solutions are…
If you’re a developer, a CTO or a DevOps engineer, how can you identify attackers in your user base before they exploit a vulnerability in your application? As soon as you…
Legacy applications. If there’s one thing that developers agree on, it’s that they don’t want to work on them. If not that, it’s that they’re often, by default, assumed to…
Many applications still depend on the Python Cryptography Toolkit (aka pycrypto), which has been unmaintained for years, to handle their cryptography, so this is a quick reminder to stop using it. The vulnerability…
Security is a topic that has become near and dear to my heart as a software developer. But that doesn’t mean that every developer shares my perspective. What’s more, we’re a…
Introduction: Web applications handle a lot of user accounts and data today. This is especially true for B2C products, but self-service SaaS applications also deal with thousands of user accounts.…
Introduction: more than tinfoil hats Congratulations! If you’re reading this, you are part of the lucky few that understand they need to care about cybersecurity risk management. You would think…
TL;DR This post gathers what you need to know, and what you need to do, if you use CloudFlare, or if you personally used a website using CloudFlare. CloudFlare is…
In our last article, the OWASP Top 10 cheat sheet for startup CTOs, we discussed the anatomy of application vulnerabilities and saw how CTOs can secure their applications against the OWASP Top 10.…
2017 is off to a great start and, like most engineers, your list of new year’s resolutions probably contains: improve your code coverage; clean up your technical debt; improve your regression…