CI/CD Security in Automotive Software: More Questions than Answers
There are many challenges in automotive software development. Not only with the need to deliver fast, while making sure that the software actually works as intended inside the car. Once it’s…
by Alex M
October 7, 2025
JavaScript should stay away from servers until further notice
JavaScript has had an interesting progression over the years. Going from a quick project finalized in days, to something used for styling the web, to full-blown frameworks that evolved at the…
by Alex M
September 22, 2025
Pentesting a Web Application: A Case Study
Following my previous case study on Windows application security testing, I returned to my area of expertise: web applications. Familiarity doesn’t guarantee ease, particularly when facing…
by Alex M
July 30, 2025
Web App Security Architecture: Implementing Defense-in-Depth
In this article, we are going to explore the defense-in-depth principle applied to web applications. Actually, it can apply to most software. Nowadays, modern software is designed with an…
by Alex M
July 18, 2025
LLMs are on their way to becoming our greatest security vulnerability
LLMs are currently transforming all fields and are being weaponized by cyber attackers. In a brief span of time, GenAI has left its mark on cybersecurity as well. While gaining traction, its…
by Alex M
July 3, 2025
WhatsApp gets the boot: House of Representatives the app from official devices
The US Office of Cybersecurity finally banned WhatsApp on all staff devices, a move that has left many wondering why it took so long. The memo: “The Office of Cybersecurity has deemed WhatsApp…
by Alex M
June 26, 2025
NIST SP 800-12 Rev 1: An introduction to Computer Security
People might view cybersecurity as an extension of software development or of the tech industry. However, deeper exploration reveals this view to be inaccurate. Software development, personal…
by Alex M
June 19, 2025
23andMe bankruptcy sell: Privacy concerns and escalating tensions surrounding the headline
23andMe’s bankruptcy is making constant headlines. A while back Regeneron Pharmaceuticals bought genomics firm 23andMe for $256 million, after a court-supervised sale [source]. Despite the…
by Alex M
June 16, 2025
Signal is in the news and for the wrong reasons, yet again
“The human is the weakest link in the security chain.” Recent events in Washington have demonstrated this cliche with clarity. This week, we’ve all witnessed yet another high-profile security…
by Alex M
March 28, 2025
Pentesting a Windows Application: A Case Study
With time, pentesting develops into a somewhat predictable process. Years spent coding web applications now frequently result in web penetration testing assignments for me. While web…
by Alex M
March 25, 2025