Security | Threat Detection | Cyberattacks | DevSecOps | Compliance


PGP Decryption Bypass in Flutter Application

During the assessment of one of the financial applications built upon the flutter framework, we came across that the application was using PGP encryption for encrypting the API requests. It is pretty common for financial applications to be implementing traffic encryption, with AES seen to be the preferred algorithm for encrypting traffic. There is plenty of research already available on decrypting AES encrypted traffic.

Data is Everywhere and Encryption Must Follow: Why You Need EDRM

It is becoming increasingly difficult to guarantee a safe boundary for your sensitive data. As work-from-anywhere cements, employees are now collaborating freely with each other, with contractors and with partners. But this freedom to collaborate more broadly also means information is being shared among devices, applications and networks that your organization doesn't necessarily have control over.

How to do password encryption in Java applications the right way!

There are multiple types of encryption and most ecosystems and languages come with many libraries to help you encrypt the data. The question nowadays is, what type of encryption should I pick for the problem. This article will focus on encrypting passwords for Java applications specifically. While we can apply the main principles to any ecosystem, we will explore examples and libraries in Java that are useful for your daily job.

Break the account takeover kill chain with better password encryption

The new currency in the digital age is personally identifiable information (PII). Information about who we are, what we like, how we act, where we go and why we do things is a valuable resource which organizations use to sell to us more effectively. Users rightly expect businesses to take proper care of this information, because in the wrong hands, it can be used to harm the user.

How to Encrypt S3 Buckets Automatically with Torq

S3 buckets without encryption can leave sensitive data exposed and at risk. As a best practice and to meet a number of industry and governmental regulations, it’s important to ensure that S3 server side bucket encryption has been properly applied at all times. To do this, many security teams rely on their Cloud Posture Security Management (CSPM) platform and/or AWS GuardDuty to monitor their AWS resources and provide alerts when an S3 bucket is found unencrypted.

What is Encryption? Difference between symmetric and asymmetric encryption

Encryption is the act of encoding information to make it unreadable for anyone other than those who are authorized to read it. There are two types of encryption: symmetric and asymmetric. Symmetric encryption uses the same key to encode and decode data, while asymmetric encryption uses different keys - one public key that can be shared with everyone, and one private key only known by the owner. In this video, we discuss the meaning of encryption and what it is used for. We also go over what asymmetric and symmetric encryption are.

How does encryption remove risk for auditors?

For those in the security space or at C-level, you’ve likely seen a recommendation about how to manage encryption and corresponding keys. Or at least something about encryption needing further consideration. Chances are, if you’re reading this you have at least an interest in the topic and are researching relevant products.

Encryption and authentication don't need to be painful! Here's how.

I had the pleasure of being at an in-person event recently. Aside from the joy it brought me to simply see people for the three-dimensional beings they are, it was of course incredible to connect with the Information Security community once more. Interestingly, a topic came up in quite a few of my conversations with fellow delegates. And it was one that I wasn’t expecting: encryption. It was often amiable, but on a couple of occasions eyes would roll.