
Requiem for a p455w0rD

Why passphrases are better than passwords
By Rafael Ballestas. Category: identity. Tags: password, credential, security

What would you rather have at your home door: a simple, weak key that needs to be changed every other week, or a one-time-setup, state-of-the-art, virtually unpickable cruciform key? [Figure 1. Lock key comparison via Locksmith Ledger] That’s just the difference between rotating short passwords vs having one good …




Is that CSV Secure?

Defining CSV injection vulnerabilities
By Jonathan Armas. Category: attacks. Tags: security, csv, code, web

A Comma-Separated Values (CSV) file is a file type that stores tabular data, numbers and text, in plain text. Each line of the file is a data record, and each record consists of one or more fields separated by commas. CSV is a common data exchange format that is …




The importance of pentesting

Protect your company against Hackers, not Lamers
By Felipe Gómez. Category: philosophy. Tags: security, protect, information

Without a doubt, the recent events related to the infringement of privacy, such as the theft of personal information from celebrities, the Sony, Target and Equifax hacks, and the big ransomware attack that affected Telefonica, make us reflect on how organizations protect their information. All of this in addition to …




Another proud son of JSON

Using JSON Web Token to send data
By Juan Aguirre. Category: identity. Tags: security, information, jwt

Today everything is connected, and thus, everything is communicated. Security has become a major issue in the complex world of web applications and their communications. [Figure 1. JSON Web Token] A JSON Web Token (JWT) is a URL safe way to represent a set of information …




Symbolic execution for mortals

What is it and how it works
By Juan Aguirre. Category: attacks. Tags: security, test, software

In 2003 the Defense Advanced Research Projects Agency, DARPA, announced the Cyber Grand Challenge, a two-year competition seeking to create automatic systems for vulnerability detection, exploitation, and patching in near real-time, which brought quite a big and complex task to the table. With this task symbolic...




Conserving your identity

Using WS-Security to secure your web apps
By Juan Aguirre. Category: identity. Tags: web, security, information

In the digital era everything is, or has, a web application. Web apps are no longer just about content delivery; they have evolved to solve complex business needs and have become a mechanism for application integration. The communication and integration of these applications is most commonly done through Web Services …




Multiple credentials begone!

Security issues and solutions of SSO services
By Juan Aguirre. Category: identity. Tags: security, credential, saml, standard

The evolution of information technology brings with it many challenges, one of the biggest being Identity and Access Management. To address the growing vulnerabilities and attacks in this area, experts often recommend a Single Sign-on (SSO) service. One of the most popular solutions implemented across...




Storing passwords safely

Solving Yashira hash challenge 3
By Jonathan Armas. Category: challenges. Tags: password, security, challenge

By the end of the year, we witnessed a huge increase in the number of attacks that extracted large quantities of personal information, emails and passwords. Even one of the biggest email services, Yahoo, suffered an attack by cyber-criminals who stole more than 500000 accounts, in doing so accessing …


