Category: System Designs

How is XSS still a thing?
Back in 2005, the words ‘But most of all, samy is my hero’ caused great agitation among MySpace engineers as Samy Kamkar injected a Cross Site Scripting (XSS) worm into the social network. The attack consisted of an infected user publishing a post on their MySpace page showing these words honoring its creator, and of…
The Elixir Programming Language
An introduction to the language, its main concepts and its potential. The number of security incidents has been on the rise for years, and the growth of the Internet of Things is unlikely to improve the situation. Successful attacks on all kinds of interconnected smart devices, from car locks to home security systems to highly…
Side-channel Attacks
This post will give you an introduction to Side-channel Attacks by looking at some common vulnerabilities and concrete attacks that try to exploit them. But first: what actually is a Side-channel Attack in general? A Side-channel Attack is an attack on a system, most probably a “secure” system, that extracts secret data by using…
Web App – File Upload Vulnerabilities
Today we will discuss file upload vulnerabilities, a topic that is widely underestimated by developers. First, we will imagine a website on which it is possible to upload images in the formats .jpg, .png, .gif and so on. If an application does not have proper form validation for file uploads, an attacker is able to gain…
Keyless Gone – Vulnerabilities in keyless car systems
(written by Antonia Böttinger and Andreas Gold) Introduction Modern cars embed complex technologies to improve the driver's comfort and safety. In 1999 the automobile industry introduced the smart key system that more and more cars use. Even if manufacturers make use of various designations like Keyless Go, KeyFree Power or Smart Key the technique is…
Test Driven Development Part II
[written by Roman Kollatschny and Matthias Schmidt] Welcome back to the second article in our Node.js development series. Today, we are going to adapt the TDD cycle in a helloWorld example application. If you missed our first article about the principles of TDD, you can find it here. In the last article, we learned about…
Test Driven Development with Node.js
Test-Driven Development with Mocha and Chai in Node.js

A Rant about Smart Home Security Usability
(written by Lena Krächan & Tobias Schneider) Introduction Living in today’s age of mobility and internet of things, residents of modern houses can easily interact with their smart homes. A smart home system is the thing to have. You can dim the lights, regulate the temperature, automatically open windows and doors and manage and manipulate…
A sneak peak into Continuous Integration
What does the development of a software product involve? Is there more than programmers coding at their PCs and managers telling them what they want? What is the real meaning of ‘release’? In the old age of software development, a development team would have to deal with incredible amounts of organization in order to establish…
More is always better: building a cluster with Pies
So you have written the uber-pro-web-application with a bazillion active users. But your requests start to get out of hand and the Raspberry Pi under your desk can’t handle all the pressure on its own. Finally, the time for rapid expansion has come! If you have already containerized your application, the step towards clustering your…
