Blog

Imagine your builds going red because of an outdated OpenSSL that is used by one of your Carthage dependencies. In this story, we share scripts, error messages, testing matrix, and a working solution we used for Themis to prevent such a situation.

OpenSSL complexity starts with its version string. Apple, Carthage, and some dependency analysis tools have different opinions about it. Here is how we dealt with them and submitted iOS app to the App Store. So, we decided to update OpenSSL in iOS app # Themis provides easy-to-use cryptography for multiple languages and platforms. We implement it on top of existing cryptography engines , such as OpenSSL or BoringSSL, which Themis uses as a source of the cryptographic primitives.

This article was initially published on November 2018, then reviewed and updated with the information regarding CCPA on April 2020. We frequently see how regulatory requirements are mapped onto real-world demands during the integration of our tools and security consulting projects. Producing a coherent vision of which data assets need to be protected is the first step in designing encryption solutions – in the end, encryption comes at a cost and it makes sense to know where this cost is justified.

Intro # When companies move their infrastructures into the cloud, provisioning resources and configuring them to emulate their initial infrastructure — a practice called “lift and shift” — or migrate the existing solutions from one platform to another, something inevitably migrates together with all the code and assets: their security assumptions . The security assumptions affect the major security bottleneck — security team’s time and priorities. And the on-premises threat model and security priorities are very different from cloud-based.

Understanding data security issues # The first thing that comes to mind when one thinks about security issues is typically some poorly written code that is prone to RCE, XSS, and similar attacks. But hardly anyone deliberately sets out with “I’m going to write some really bad, vulnerable code today!” intent in mind. Code is always written for a reason, driven by functional demands, culture, and processes. From a software engineer’s point of view, fixing a security issue equals removing an opportunity to exploit something.

Bear with us! 🐻 # The latest release of a popular note-taking app Bear contains a new feature — end-to-end encryption of user notes. Cossack Labs team worked closely with the amazing Bear team to help deliver this feature. We are rarely allowed to disclose the details of our custom engineering work, but Bear team was awesome enough to let us highlight some important aspects of work done for them.

More and more data is outsourced to remote (cloud) storage providers fuelled by “software as a service” trends in enterprise computing. Data owners want to be certain that their data is safe against thefts by outsiders, internal threats, and untrusted service providers alike. To safeguard the data, encryption is used. Modern encryption is much more than enabling “data at rest encryption” checkbox on AWS S3 or using TLS connection between database and backend.

Cossack Labs has recently joined the DigitalOcean Marketplace family following our mission to make high-end security tools available to the general developer audience in a convenient fashion. Acra encryption suite is one of the first data security and encryption tools on DigitalOcean Marketplace and it is now available as 1-Click App running in DigitalOcean Droplet . Acra provides selective encryption, multi-layered access control, SQL firewall (SQL injection prevention), database leakage prevention, and intrusion detection capabilities as server deployed in your infrastructure (on prem or in cloud).

We always strive to make high-end security tools available to general developer audience in a convenient fashion. Only by making data security accessible, we can ensure real security of sensitive data everywhere. As another step towards our mission, we are proud to announce that Acra encryption suite is now available as 1-Click App running in a Droplet on DigitalOcean Marketplace . DigitalOcean is known for its caring attitude towards development teams of any size.

Intro # Any set of security controls deployed in your infrastructure may fail. Given enough pressure, some controls will certainly fail. No surprises here, but the question is – how to build our systems to make security incidents less damaging in case of a failure of some components? How to prevent data leaks even in case of a successful data breach? Building security tools , we strive towards defense in depth approach.