Tag: encryption

  • http vs https performance

    A while ago I had a huge argument with a development team regarding the usage of https. Their major concern was that the impact on performance would be so big that their servers wouldn’t be able to handle the load. Their approach was to use https just for the login sequence and plain text communication…

  • Techniques to play with custom and encrypted protocols

    An interesting presentation from DEFCON20 provided by Elie Bursztein and Patrik Samy called “Fuzzing Online Games” touches areas of application security where traffic analysis is not enough to perform a penetration test. As stated by the authors: “In a nutshell the lack of direct access to the game server and having to deal with clients…