March 1, 2016

How to Confirm Whether You are Vulnerable to the DROWN Attack

Another OpenSSL vulnerability has been uncovered. The new vulnerability is one in yet a series found lately in the OpenSSL library, a toolkit implementing SSL v2/v3 and […]
October 1, 2015
Cross-site Scripting in JavaScript

The Rise of JavaScript XSS and Practical Mitigation Techniques

Cross Site Scripting (XSS) is listed by OWASP Top 10 as #3 on the list. If you tried to decipher Cross-site Scripting and understand its mitigation, […]
July 21, 2015

How to Quickly Audit Your Cryptography Usage?

Cryptography is an important security security control  for any application.  It is essential in securing data at rest and in transit. But how do you know […]
July 8, 2015
secure javascript express application

Setting up a Secure Instance of Express JS (GitHub Repo)

In a previous blog post I mentioned ways to secure your ExpressJS instance. This included both using third party modules and modifications to the default configuration […]
June 19, 2015

The Canadian Government Outage and Raising Profiles of Simples Attacks

The Canadian Govt was hacked! The Globe And Mail reported a few days back: A cyberattack crashed federal government websites and e-mail for nearly two hours […]
May 29, 2015

Reading through the IRS Hack: Failures and Analysis

IRS has reported that  thieves stole tax information from 100,000 taxpayers, pretty disturbing news on multiple levels. The first level of disturbance is obviously that an […]
May 27, 2015

Security Comparison: AngularJS vs Backbone.js vs Ember

Introduction Client side JavaScript security is becoming more and more of an issue with the shift to Single Page Applications or SPAs in modern web development. […]
May 7, 2015

Simplified Security Code Review Process

Obviously it is not 2005 anymore. 10 years ago most organizations were OK with perimeter security and a vulnerability scanner. This shift started to happen in the U.S […]
April 30, 2015

Cyber Security Laws & Regulations in Canada

Pop quiz, do Canadians and Americans approach cyber security the same way? The answer is a clear and definite no. With the recent passage of HB […]
April 8, 2015

Secure Your Express Application

At Software Secured, we have been building our internal tools around Node.js and Express. Node.js is becoming more and more popular nowadays and several frameworks have […]
November 4, 2013

Top Risks and Recommendations For Windows Store Apps

This article originally appeared on Microsoft Developer Connection   OWASP’s Mobile Top 10 is a project launched by OWASP to identify the top 10 risks and […]
July 16, 2013

Federated Identities: OpenID vs SAML vs OAuth

Single sign-on (SSO) started it all. Organizations needed a way to unify authentication systems in the enterprise for easier management and better security. Single sign-on was […]