Blog

Security best practices, techniques and news by security professionals

Featured articles

Getting started with Kotlin

If you are working on Java projects you might have heard about other languages that run on the JVM, like Clojure, Kotlin or Scala. Programmers like to try new things out but is it worth it to pick...

XSS Case Study

You’ve probably heard about the recent Cross-Site Scripting vulnerability in the Google search engine. With a clever payload, you could have crafted a link which executes JavaScript after opening it...


Latest posts

Getting started with Kotlin

If you are working on Java projects you might have heard about other languages that run on the JVM, like Clojure, Kotlin or Scala. Programmers like to try new things out but is it worth it to pick...

How cybersecurity contributes value to business

Cybersecurity: a tough reality. Cybersecurity is an inherently negative asset. As with any protective measure, the major challenge is to measure the value (or Return on Investment, ROI) of...

XSS Case Study

You’ve probably heard about the recent Cross-Site Scripting vulnerability in the Google search engine. With a clever payload, you could have crafted a link which executes JavaScript after opening it...

Wild card to win USPS customer data

The US Postal Service launched their Informed Visibility program last year to provide better insight into their mailstream service. For example, one can obtain near real-time notifications about...

An overview of Linux container security

Containers are often treated as if they were virtual machines, which is far from the truth: they are a lot less isolated from the host system. However, there are a myriad of ways to enhance...

Not so smart pointers

Even though modern C++ (the standard since C++11) has made programming in this language much more secure, it has also introduced new vulnerabilities hidden under its layers of abstraction. In C and...

Security and usability: How to find a good balance

How would you like the idea of being escorted by armed security staff from the grocery store to your home in order to protect the valuable air fresheners you have just bought? Would you be confused,...

Smart Contract Security

Blockchain-based platforms are becoming increasingly popular due to their ability to maintain a public distributed ledger, providing reliability, integrity, and auditability for transactions without...

Secure development with Spring Framework

In the past decade, the Spring Framework has become a well-established and prominent web framework for developing Java applications. The most exciting and essential changes in the Spring ecosystem were the...

The three fatal bugs behind the Facebook breach

The breach was discovered after Facebook saw an unusual spike of user activity that began on September 14, 2018. A few days later, on Tuesday, September 25, Facebook’s engineering team discovered an...

How to dive into web-security as a developer

Great developers possess a wide variety of skills, from technological expertise to product thinking. You need some of these for your current job, others you just picked up over the years....

Semancat versioning

Tackling the versioning pains of a greenfield project with cats. New projects can force us developers to face certain challenges that we would not even have to think about when working on an already...

Git security best practices

In this article we will discuss different methods to avoid common pitfalls in terms of Git security. We live in a world where it is hard not to know Git, the most popular Distributed Version Control...

Using cloud-services, security is your job too

Being cloud native won’t save you from external threats if you, as a user, are not aware of basic security needs: cloud providers simply cannot do everything for you, while due to the heavy demand to...

Report a vulnerability in a responsible way!

If you have found a vulnerability and you want to act responsibly, discretion is most important. Always remember that you hold information that can be exploited by black-hats, putting not only the...

Broken Access Control

In this article we cover examples of broken access control, how to find it in your application and possible consequences. Access control, or authorization, is how a web application grants access to...

Learn about CSP-based XSS protection

The security model of the web is rooted in the same-origin policy. Each origin is isolated from the rest of the web, and code should only have access to its own origin’s data. Because of this model,...

Learn to build secure software

We are writing millions of lines of code day by day, but only a few of us take security into account. We know very well that it’s really easy to put security aside, as it takes more investment than...

Parse your binaries with Kaitai WebIDE

Binary analysis starts with the understanding of different file formats. Fortunately, there are several tools (e.g., CFF explorer, FileAlyzer) which help you to understand their internal structure,...

Interview with Chris Wysopal, CTO of Veracode

We are more than happy to welcome Chris Wysopal, (also on Twitter) as the next security expert on our blog. Chris, the CTO of Veracode, is one of the key influencers in IT security today. He is a...

Interview with Zoltán Balázs, security expert

We are more than happy to welcome Zoltán Balázs (also on Twitter) as the next security expert on our blog. Zoli has a long track record of bypassing security defense products. He regularly gives...

avataoTools introduces popular security tools

One of the most difficult parts of IT security is getting started. There are zillions of interesting topics all around, but if you are completely new to this area you can easily get lost....

Interview with Charlie Miller, security researcher

Charlie Miller, (also on Twitter) is well-known in the security community for his exceptional hacking results. He won the Pwn2Own contest at CanSecWest 4 times by exploiting various Apple products...

How !SpamAndHex became a top hacker team (part 2)

This is the second part of our !SpamAndHex series. You can read the first part here. Everything starts with a vision. It was in 2009 at the very beginning of my master studies at the Budapest...

Reverse engineering tutorial and challenge

So here we are again with your next avatao Tuesday challenge. Today, we are delving a bit into reverse engineering by providing a small tutorial and a challenge to solve. A decent definition for...

Interview with the CyKor CTF team

The South Korean CTF team CyKor, (also on Facebook) is one of the best CTF teams in the world. Together with other South Korean security experts like Junghoon Lee (aka “lokihardt”) and the members...

Your first Avatao Tuesday

How to get started in computer security? I think this is the first question that people raise when they are about to learn computer security. Here is a good answer from Parisa Tabriz, computer...

How !SpamAndHex became a top hacker team (part 1)

Summer had just started in 2011 when Gábor Pék, Buherátor and Bencsáth Boldizsár (aka “Boldi”) decided to do some nice hacking over the summer instead of going to splash in Lake Balaton all summer...