ElastAlert Kibana plugin: centralized logging with integrated alerting

Centralized logging is a fantastic tool, especially if you are able to take it from collection-only, to realtime action. The tools that enable realtime alerting, such as Watcher and ElastAlert, haven't been easy to use as it is fo...

Read more

JFall 2016 in depth: Secure Coding Patterns

After we find a bug in our code, we as developers reason about our code and question ourselves: did we have Unit Tests and Integration Tests, Design Patterns, Clean Code and Logging. What are their equivalents for security bugs and vulnerab...

Read more

Smart about security in smart devices (IoT)

Internet of Things has been given many names with regards to security. Take Jaya Baloo (CISO KPN), who calls it IoS, Internet of Shit. Other security experts agree and there is a collective worry that security in IoT will be impossible if n...

Read more

Achieving DevSecOps by instrumenting Microservices Orchestration in VAMP

With DevOps, we have a higher return on our investment in code, by making it possible to release new features to production in realtime. We do this by automating our tests, which is something that is hard to do for security.  Now, you have...

Read more

Using Google to detect payloads

Google is a well-known search engine, and in the security community also famous for the “google dorks” functionality: finding vulnerable websites using google queries. 

Read more

From localhost to a scalable service

One of the biggest challenges of building a high-performance service is making it scale. To do that, we use IBM’s SoftLayer.

Read more

CSRF by the RFC

Recently, I have reported a security issue where a CSRF was used to compromise the integrity of a database stack abusing the web application management tool.

Read more