• Success stories in cybersecurity and information technology

    Ian Walters, Principal, Thought Leader, Coalfire

    RISE is Coalfire’s initiative to Recruit, Influence, Support, and Educate women in cybersecurity. I am honored to have been invited to be an active member of the RISE steering committee and help contribute to this worthy cause.

    Read more
  • AppSec concerns: UUID generation

    Thought Leadership Team, Coalfire

    During static analysis, one of the things the application security team checks for is strong random number generation for security sensitive contexts. We see weaknesses in this space quite often for temporary passwords and session identifiers, but an increasingly common variant is for universally unique identifiers (UUIDs). Read more
  • Asymmetric-key algorithms and symmetric-key algorithms

    Thought Leadership Team, Coalfire

    The symmetry of the algorithm comes from the fact that both parties involved share the same key for both encryption and decryption. It works similar to a physical door where everyone uses a copy of the same key to both lock and unlock the door. A symmetric-key algorithm, just like real doors, requires the distribution and security of  shared keys. Read more
  • Automated application scanning: handling complicated logins with AppScan (only!)

    Dan Cornell, Coalfire

    Ory Segal (@orysegal) from IBM Rational reached out with a simpler method to handle this natively in AppScan. It involves configuring AppScan to add a custom parameter to each request. For the sample case in the authexamples GitHub repository it would be handled like this. Read more

Recent Posts

Post Topics