security by design – Page 7

End-to-end Encrypted Group Chat Considerations

Posted on February 26, 2019 by TCB13

I was thinking about building a simple end-to-end encrypted chat with group chat capabilities. Please bare in mind that 1) it’s just an experiment to help me know more about cryptography and 2) I’m an humble programmer not a … Continue reading End-to-end Encrypted Group Chat Considerations→

Moving to the Hybrid Cloud? Make Sure It’s Secure by Design

Posted on February 7, 2019 by Kaja Narum

Failure to consider security when developing a hybrid cloud can lead to unanticipated problems that don’t exist in typical technology infrastructure.

The post Moving to the Hybrid Cloud? Make Sure It’s Secure by Design appeared first on Security Intelligence.

Continue reading Moving to the Hybrid Cloud? Make Sure It’s Secure by Design→

Why don’t smartphone manufactures write the IMEI onto one time writable ROM so that it can’t be tampered with? [on hold]

Posted on January 14, 2019 by nikhil

The title says it all basically. Even now, why is tampering IMEI possible at all? Shouldn’t manufactures be using one time writable memory to embed IMEI into phones? Why don’t they?

Continue reading Why don’t smartphone manufactures write the IMEI onto one time writable ROM so that it can’t be tampered with? [on hold]→

Exception handling in multi-tier applications

Posted on November 29, 2018 by Nikola Luburić

Error and exception handling in web applications can introduce security issues, often in the form of denial of service (i.e., when a service crashes because of poor error handling) and information disclosure (i.e., when an ex… Continue reading Exception handling in multi-tier applications→

Pumping the Brakes on Artificial Intelligence

Posted on October 3, 2018 by Tara Seals

Businesses are increasingly adopting artificial intelligence, but all too often these platforms don’t feature security-by-design. Continue reading Pumping the Brakes on Artificial Intelligence→

It’s Time for Cryptocurrency Security to Catch Up With Investor Expansion

Posted on August 29, 2018 by Christophe Veltsos

Regulators and digital coin exchanges should build robust cryptocurrency security into their systems to protect themselves and individual investors from theft and fraud.

The post It’s Time for Cryptocurrency Security to Catch Up With Investor Expansion appeared first on Security Intelligence.

Continue reading It’s Time for Cryptocurrency Security to Catch Up With Investor Expansion→

Can you tell me if my design is secure?

Posted on August 20, 2018 by Will

I’m designing a database interface for a system that could store PII. My first focus is on making sure all the data is secure, to do this I have designed the system as follows.

I’m running three separate servers with three s… Continue reading Can you tell me if my design is secure?→

How useful is PDF signing in real world usage?

Posted on August 14, 2018 by DarcyThomas

Background scenario:
So we had a problem where our system (Alice’s shiny widgets) generated a PDF with a quote amount for 10 widgets. Someone (Eve) took the PDF, altered it to increase the price by 20%, they then presented the PDF as an ex… Continue reading How useful is PDF signing in real world usage?→

Agile Security Threat Modelling

Posted on June 23, 2018 by nathan123

I am asking around the security community trying to get different opinions and discover the different methods of how to introduce and implement threat modelling and sec design reviews into an agile SDLC. I would be really gra… Continue reading Agile Security Threat Modelling→

What all key areas need to be focused in Secure Design Reviews?

Posted on June 22, 2018 by cyber research

Could you please help me in understanding key areas which we need to be concentrated on Secure Design/Architecture reviews?

How Threat Modeling can be achieved ? If there is any examples / scenarios ?

Continue reading What all key areas need to be focused in Secure Design Reviews?→