Category Security

The Security Development Lifecycle: SDL: A Process for Developing Demonstrably More Secure Software

Several quotes from ‘The Security Development Lifecycle: SDL: A Process for Developing Demonstrably More Secure Software’, a 2006 book by Michael Howard and Steve Lipner. Design specifications miss important security details that appear only in code. Don’t just say, “This is bad.” Instead, say, “This is the way you should do it.” In our experience, engineering staff […]

Integrated Development of Safety and Security Requirements

Reprinted from Technical Papers on the Development of Embedded Electronics by Vector. Christof Ebert, CEO of Vector Consulting Services GmbH and a professor at the University of Stuttgart; Eduard Metzker, Solution Manager for Cyber Security at Vector Informatik GmbH. Today, the systematic development of safety requirements is essential in developing embedded systems. Due to the growing […]

Secure communication for CAN FD

Reprinted from Technical Papers on the Development of Embedded Electronics by Vector. Here I would like to highlight some of the most interesting ideas from the set of articles by Vector. This is 7 of 7 posts on this topic. Encrypted data transmission is not yet the norm in vehicle networks. Vector has conceived an implementation […]

Defending cyber-physical systems from digital attacks

Every 30 years there is a new wave of things that computers do. Around 1950 they began to model events in the world (simulation), and around 1980 to connect people (communication). Since 2010 they have begun to engage with the physical world in a non-trivial way (embodiment – giving them bodies). ‒ Butler Lampson, Microsoft […]

My picks, 2015-11

These are the latest articles and videos I found most interesting. Mathematics and sex Kob Mating Ritual Capuchin monkey flirting Gorilla Mating Croc vs. Hippo IXV: Mastering atmospheric reentry Miguel Nicolelis: Brain-to-brain communication has arrived. How we did it Security Analysis of Estonia’s Internet Voting System How robots could be your future surgeons Mathematics and […]

My picks, 2015-1

These are the latest articles and videos I found most interesting. Why Electronic Voting is a BAD Idea Are You Sitting Too Much? Why Do We Eat Spoiled Food? Cute Jumping Indri Lemurs – Madagascar Danny Macaskill: The Ridge CGI VFX Breakdown HD: “Winter Olympics: Sochi 2014 Opening” How Much Salmon Can a Kodiak Bear […]

JSON Web Token (JWT)

JWT is the standard for securing REST web services. “JSON Web Token (JWT) is a compact token format intended for space constrained environments such as HTTP Authorization headers and URI query parameters. JWTs encode claims to be transmitted as a JavaScript Object Notation (JSON) object […]”. References below describe it as well as provide links to […]

Website Security: ClickJacking Defenses

This is a reference to a post on MSDN. It discusses the frame-busting technique used to defend websites against click-jacking. IE8 Security Part VII: ClickJacking Defenses. Web developers can send an HTTP response header named X-FRAME-OPTIONS with HTML pages to restrict how the page may be framed. If the X-FRAME-OPTIONS value contains the token DENY, IE8 will […]

Eight Handy Security Tools for a Novice

This is a reference to an InfoSec post: Eight Handy Security Tools for a Novice

Content Security Policy and XSS defense

W3C introduced a standard to help protect websites against XSS by adding the following meta tag to the website response generated by a server: References: W3C Standard; Content Security Policy 1.0 is officially awesome; An Introduction to Content Security Policy