Security Archives - Debricked

Category

Security

Category

Security 2019-06-17

Vulnerabilities in dependencies, third party components and open source

Today there is likely no software project without some form of external libraries, dependencies, open source or whatever you want to call it. But how do you make sure you import healthy dependencies, which do not introduce vulnerabilities and risk into your software? The explosion of open source The amount of open source or other third party code used in a software project is often estimated as 60-90% of the total codebase. The total number of public repositories exceed 100M in 2018 according to GitHub. According to our own findings, practically all companies developing software use open source, third party components or dependencies to varying degrees. Let’s call them dependencies from now. More often than not, hundreds of dependencies are used. This adds a new dimension to software development in that security issues in such code will affect the products in similar ways as issues in the in-house developed code.…

Security 2019-05-29

What is a security weakness?

The terms threat, vulnerability and weakness are often used in cybersecurity. Understanding the difference between these terms is important. It allows organizations to correctly implement, document and assess…

Read More

Security 2019-05-29

What is a security threat?

The terms threat, vulnerability and weakness are often used in cybersecurity. Understanding the difference between these terms is important. It allows organizations to correctly implement, document and assess…

Read More

Security 2019-05-29

What is a security vulnerability?

The terms threat, vulnerability and weakness are often used in cybersecurity. Understanding the difference between these terms is important. It allows organizations to correctly implement, document and assess…

Read More

Randomness Generation

Events 2019-04-12

On the Difficulty of Generating Randomness

Random number generation Random numbers are used in a plethora of cryptographic applications. A random number generator (RNG) is a device that generates a sequence of numbers such…

Read More

JSON

Events 2019-01-10

CTF: JSON Web Tokens (JWT)

Vulnerabilities in JWT libraries JSON Web Tokens (JWTs) are commonly used for authorization purposes, since they provide a structured way to describe a token which can be used…

Read More

Keystream Generation

Events 2018-12-19

CTF: Repeated keystream

The problems with repeated keystream in stream ciphers Repeated keystream can sometimes be devastating when using stream ciphers. The Capture the Flag event co-organized by Debricked at Lund…

Read More