Reading Time: 10 minutes If you are working on Java projects you might have heard about other languages that run on the JVM, like Clojure, Kotlin, or Scala. Programmers like to try new things out but is it worth it to pick one of them over Java?

Reading Time: 11 minutes Containers have been around for over a decade. Yet before Docker’s explosive success beginning in 2013 they were not wide-spread or well-known. Long gone are the days of chroot, containers are all the rage, and with them, we have a whole new set of development and security challenges.

Reading Time: 7 minutes Ever-increasing amounts of information are produced, stored, processed, and transferred enabling products and services across all industries. A substantial amount of this information relates to an identified or identifiable natural person i.e., its personal data. The processing of personal data can, unfortunately, also summon risks to individuals’ rights and freedoms, sometimes materializing in real harm.

Reading Time: 7 minutes Even if you use HTTPS, your browsing habits can still be tracked by observing your DNS queries. Besides the lack of confidentiality, plain old DNS doesn’t provide data integrity and authenticity either. This article discusses DNS security and privacy and points out the problems that can arise from lacking in these attributes and gives some tips on how to remedy them.

Reading Time: 5 minutes Containers are often treated as if they were virtual machines which are far from the truth, they are a lot less isolated from the host system. However, there is a myriad of ways to enhance isolation. This blog post will give you an overview of Linux container security.

Reading Time: 5 minutes Even though modern C++ ( the standard since C++11) has made programming in this language much more secure, it also introduced new vulnerabilities hidden under its layers of abstractions. In C and older versions of C++, the concept of pointers wasn’t easy to grasp for beginners. You had to worry about null dereference, dangling pointers, deallocation, etc. However, the Middle Ages are over, we have smart pointers now.

Reading Time: 6 minutes Blockchain-based platforms are becoming increasingly popular due to their ability to maintain a public distributed ledger, providing reliability, integrity, and auditability for transactions without a trusted entity.

Reading Time: 10 minutes In the past decade, Spring Framework became a well established and prominent web framework for developing Java applications. The most exciting and essential changes in the Spring ecosystem was the birth and progression of Spring Boot. No matter what you need, Spring Boot provides comprehensive, easy-to-use, and interdisciplinary development environment tools for deployment and assists in the whole development lifecycle.

Reading Time: 7 minutes In this article, we will cover how to use Ansible for infrastructure automation. Here at Avatao, we are big believers in infrastructure-as-code which is a way of infrastructure automation using the practices from software development. Setup tasks, configuration, identity, and access management are coded as reproducible definitions. This dramatically reduces the chance of human error. Changes in the infrastructure are reproducible and auditable. We can also make use of software development tools such as version control or automated testing and deployment.

Reading Time: 8 minutes Tackling the versioning pains of a greenfield project with cats. New projects can force us, developers to face certain challenges that we won’t even have to think about when working on an already existing codebase.
These include stuff like “how are we going to ship our code to customers/clients?” or coming up with a way to distinguish between versions.

Reading Time: 7 minutes In this article, we will discuss different methods to avoid common pitfalls in terms of Git security. We live in a world where it is hard not to know Git, the most popular Distributed Version Control System (DVCS). Free and open-source, it has been initially created by Linus Torvalds to be used for the development of the Linux Kernel. These days, Git is completely omnipresent in the IT industry. It is the key element of platforms such as GitHub or GitLab and used as a package management system by the Go language for example.

Reading Time: 6 minutes This is the final part of this blog series. If you haven’t done already so, you can read the first, and
second part of our story also.
It was early 2013, in the middle of my Ph.D. studies when two master students (András Gazdag and Levente Fritz) asked me to talk about memory corruption vulnerabilities.

Reading Time: 6 minutes We are more than happy to welcome Chris Wysopal, (also on Twitter) as the next security expert on our blog. Chris, the CTO of Veracode, is one of the key influencers in IT security today. He is a regular speaker at conferences such as Black Hat or the RSA conference.

Reading Time: 4 minutes This is the second part of our !SpamAndHex series. You can read the first part here. Everything starts with a vision. It was in 2009 at the very beginning of my master studies at the Budapest University of Technology and Economics (in short BME) in Hungary when my advisor, Levente Buttyán (head of CrySyS Lab) contacted Engin Kirda who was tenured faculty at Institute Eurecom (Graduate School and Research Center) at that time if there is a project I could work on together with other iSecLab guys.