Category: Application Security
-
Short URLs are Harmful for Cloud Data Sharing
I was never a big fan of sharing cloud data through a unique link, rather than nominating the specific people that can access the data. To me it feels like security through obscurity. It looks something like this: https://{cloud_storage_provider}/?secret_token={some_unique_token} All the security of this model relies in the randomness and length of the secret token.…
-
http vs https performance
A while ago I had a huge argument with a development team regarding the usage of https. Their major concern was that the impact on performance would be so big that their servers wouldn’t be able to handle the load. Their approach was to use https just for the login sequence and plain text communication…
-
Is application security an agile process?
No. Judging by the way it is marketed and sold today, application security is not, by any means, agile. Can it be? Well, Microsoft says so. When it comes to security, Microsoft changed a lot in the past decade. The development frameworks they offer have built-in security features nowadays. So, if they say security can be built…