Skip to main content

Making sense of the SAST, DAST, IAST, RASP soup #1

Software security scanner market today is now mature enough to have its own jargon, built largely by vendor marketing teams. As such, it’s primarily designed to help you get rid of your infosec budget rather than help you design a reasonable security assurance architecture. This is first part of series that looks at SAST and DAST advantages and limitations.

Read more…

Upgrading and backing up your LUKS header

All mainstream Linux distributions now ship with full-disk encryption available and for portable devices like laptops or smartphones it’s certainly a must. This article is a few quick recipes for upgrading your LUKS header for improved performance and security (if your device has been installed a while ago) and for backing up your LUKS header to ensure access in case of hardware failure.

Read more…

IPFS website cheat-sheet

This website is generated using Nikola and hosted on IPFS with web server on krvtz.net domain operating merely as a proxy to IPFS node. After some struggle, I decided to share a few hints on how to actually implement such setup in a way that will not result in cryptic error messages being displayed to your clients.

Read more…

Dealing with legacy systems

In an ideal DevSecOps world all infrastructure servers and auxiliary applications are running an up-to-date LTS versions and are subject to an actual lifecycle maintenance policy. In the real world, we have to deal with end-of-life applications installed on unpatched end-of-life operating systems… and still make this secure.

Read more…

Overview of PGP replacements

OpenPGP became a de facto standard for encryption and digital signature, used to secure email and XMPP communications but also by as a dedicated file encryption and signing provider by popular backup tools. Each of these use scenarios suffers from dated OpenPGP design and confusing user interface.

A number of notable projects were developed with the intent to replace OpenPGP, some with ambitions to replace the whole cryptosystem, others with a very limited scope following the “do one thing well” philosophy.

Read more…