Recent Posts

OWASP Top 10 2017 draft released

3 minute read   -   April 26, 2017

OWASP published a draft of the Top 10 Application Security Risks 2017. It has already caused a lot of controversy among web security folks. So here is my viewpoi...

HTTP/2 Security Implications

7 minute read   -   July 28, 2016

HTTP/2 is a major revision of the HTTP protocol. The RFC for HTTP/2 was published in May 2015. Currently most client-server communication is done via HTTP/1.1. In pr...

Understanding TLS

7 minute read   -   May 05, 2016

This is an article I’ve meant to write for the last two years. Getting TLS right seems to be a major challenge for many admins. And I do not mean only some rando...

Rowhammer.js - memory corruption via JavaScript

2 minute read   -   July 31, 2015

Recently I stumbled into an interesting paper. This paper introduces a bug / vulnerability called “Rowhammer.js”. In short: Rowhammer.js enables hardware-lev...

Hackers gonna hack, or get hacked

2 minute read   -   July 11, 2015

Italian-based company Hacking Team suffered a major security breach earlier this week. Hacking Team provides offensive cyber security capabilities mainly fo...