Threat Modeling: Designing for Security

You’ve probably already heard the phrase “threat modeling” more than a few times. Threat modeling is a highly undervalued, often overlooked aspect of building secure applications—which is a shame, because you don’t have to be a large...
Carve Systems Guest Author Program

Carve Systems invites technical experts to contribute posts as a guest author on the Carve Systems blog. We want to create a useful technical blog that covers the very broad field of information security. If you would like to contribute a guest post please contact...

JWT, OAuth, and Algorithm Choices

Implementing systems that securely authenticate users and authorize their activities within applications can involve multiple interactions that cross trust boundaries. When applications are written in different languages, live in different environments, but still want...

Meltdown and Spectre. Oh My!

There have been a lot of new terms floating around the internet these last few days: Meltdown, Spectre, etc… What does it all mean? In this post, I will explain the high-level pieces, what systems are affected by this,...

Would You Like Phishing Coverage with That?

People who purchase life insurance don’t usually sit around waiting to die. They probably exercise and eat healthy, for example, in order to prolong their life. Similarly, “Cyber Liability/Data Breach” insurance policyholders should not sit around waiting to get...

Bitcoin Protocol and “Low Risk” bugs

Low risk security issues can kill you. It isn’t that they come out and stab you in the heart; it is more a soft death of many cuts. You may not even know you are bleeding. Mosquito saliva has an anesthetic in it; you won’t even know it is there sucking your blood...