Published: Wed 21 December 2016
Are all Tor exits real? Are the advertised IPs what they seem to be? A short article about verifying current state of Tor exits.
Published: Thu 03 November 2016
Third post in a series about securing all the layers of a webapp. More technical details, ways to isolate the service from other processes on the system, and to monitor weird behaviour. Pick and choose traditional and recent features to isolate any bad actions.
Published: Sun 30 October 2016
Second post in a series about secure development of web applications. We describe what can be done to improve credentials storage and verification and why you should do it. Check out possible implementations, potential risks, and tradeoffs for custom storage or outsourcing.
Published: Wed 19 October 2016
First post in a series about securing all the layers of a webapp. From development, to deployment, to the system it’s running on. Staring with the application code itself. How do you know it’s secure, where to find more information, what tools to use to help in day to day development.