Category: Application Security
All development teams should get in the habit of digitally signing their applications, especially before sending to QA or production. Code signing is not only a best practice. It …
In this post, we’re going to discuss the process of assuming a role with MFA from the AWS CLI using Awsume. In our last post, we discussed in ad …
In this blog post we’re going to discuss how to set up a new user in the AWS Management Console, how to enable MFA on that user, how to …
Awsume is a great tool that allows you to seamlessly switch between multiple AWS CLI profiles. You may utilize multiple CLI profiles to enforce the principle of least privilege. The …
Burp Suite is my go-to tool for performing penetration tests against web applications. I was recently asked if it was possible to integrate Burp into a development pipeline, so …
In previous posts, we’ve learned about the importance of using a password hashing function like Argon2id to create hashes of passwords that can be safely stored in a database. …
In the past couple of blog posts, I’ve been discussing various password hashing algorithms and how Argon2 (specifically Argon2id) is the algorithm that leading cryptographers recommend. In this post, …
In my last post, I discussed four cryptographic hashing functions that are suitable for password storage. I pointed out that Argon2 (in particular Argon2id) is the hashing function that …
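The three excerpts above all point at the same practice: hash each password with Argon2id, store only the encoded hash, and verify against it at login. The following is an added example, not code from any of the linked posts. It assumes the `argon2-cffi` package (`pip install argon2-cffi`); the cost parameters (19 MiB of memory, 2 iterations, 1 lane) are an assumed baseline in line with OWASP's published minimum for Argon2id, and the `LEGACY_HASHER` settings exist only to illustrate detecting hashes made with weaker, outdated parameters.

```python
"""Added example (not from the original posts): Argon2id password storage with
argon2-cffi, including verification and parameter-upgrade detection."""
from argon2 import PasswordHasher, Type
from argon2.exceptions import Argon2Error

# Assumed production parameters: 19 MiB memory, 2 passes, 1 lane, Argon2id.
HASHER = PasswordHasher(
    time_cost=2,
    memory_cost=19 * 1024,  # argon2-cffi takes memory_cost in KiB
    parallelism=1,
    type=Type.ID,
)

# Deliberately weaker settings standing in for hashes created before a
# parameter upgrade (illustration only; never use these in production).
LEGACY_HASHER = PasswordHasher(
    time_cost=1,
    memory_cost=8 * 1024,
    parallelism=1,
    type=Type.ID,
)


def hash_password(password: str) -> str:
    """Return the self-describing encoded hash ($argon2id$v=19$m=...,t=...,p=...$salt$hash).

    The salt is generated randomly by argon2-cffi and embedded in the string,
    so this string is the only thing that needs to be stored in the database.
    """
    return HASHER.hash(password)


def legacy_hash(password: str) -> str:
    """Simulate a hash stored under the old, weaker parameters."""
    return LEGACY_HASHER.hash(password)


def verify_password(stored_hash: str, candidate: str) -> bool:
    """Constant-time comparison performed by the library; any failure
    (mismatch, malformed or non-Argon2 hash) is reported as a plain False so
    the caller cannot distinguish the cases."""
    try:
        return HASHER.verify(stored_hash, candidate)
    except (Argon2Error, ValueError):
        # VerifyMismatchError/VerificationError derive from Argon2Error;
        # an undecodable hash string raises a ValueError subclass.
        return False


def needs_rehash(stored_hash: str) -> bool:
    """True when the stored hash's parameters differ from HASHER's current
    parameters, i.e. it should be re-hashed on the next successful login."""
    return HASHER.check_needs_rehash(stored_hash)


def login(stored_hash: str, candidate: str) -> tuple[bool, str]:
    """Typical login flow: verify, then transparently upgrade outdated hashes.

    Returns (success, hash_to_store). The returned hash is unchanged unless the
    login succeeded and the stored parameters were outdated.
    """
    if not verify_password(stored_hash, candidate):
        return False, stored_hash
    if needs_rehash(stored_hash):
        # The plaintext is only available at login time, so this is the one
        # moment an old hash can be migrated to the current parameters.
        return True, hash_password(candidate)
    return True, stored_hash


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print(stored)
    print(login(stored, "correct horse battery staple"))
    print(login(legacy_hash("old-password"), "old-password"))
```

Because the encoded string carries its own parameters, `needs_rehash` is how you raise the work factor over time without forcing a password reset: raise the constants in `HASHER`, and every user is migrated the next time they log in successfully.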
I’ve said it a million times. Passwords are the bane of a developer’s existence. Authentication is incredibly complicated, and much of that rests around password storage. I highly recommend …
If you have ever tried to secure a development environment, you know that it is an incredibly challenging task. Developers often need administrative privileges in order to install and …