Tag: Security

Lesson learned: Disabling weak TLS cipher suites without breaking up everything

Recently, I caused a pretty big production issue. It was bad. It all happened when I tried to harden our APIs – by disabling weak cipher suites in the TLS protocol. If you’re not sure what that means – or how it is done, stay tuned! In this post, I’ll explain what happened, why it’s important to harden your APIs, and how to do it properly. Mmm, something looks weird here… A few months ago, while investigating a bug in…

Security Tests Made Easy with OWASP Zap

Are you running security tests in your CI? You might be wondering – what does running security tests even mean? What does it do? Security tests just test your code for known vulnerabilities, to make sure hackers will not be able to hack into your system. This might sound complicated – but actually, it is pretty simple. There are many existing tools that you can use for running security tests – and in this blog post, I will introduce one of…

What I learned at AppSecEurope and my thoughts for the future

Last week I was fortunate enough to attend AppSecEurope. There was much discussion about DevSecOps, the hottest trend today in AppSec. The talks were really inspiring and covered this topic from various vantage points. However, I would like to discuss two issues that are extremely relevant for the future of the industry and were missing from the discussion at the event. OWASP Glue: Glue is a tool that coordinates various security tools. It makes the integration of various security tools with…

Userless User Authentication for Mobile Application

Like all the other cool kids, we at Soluto have a mobile app and a lot of micro-services that this app utilizes. Recently, we added a feature to our app that required sensitive user data, and for this feature we had to add some sort of authentication between our app and the services it utilizes. Usually, this problem is pretty simple to solve: Just add social login to the app, and use those credentials to authenticate the requests. This solution…
