13 Dec 2022
Once deployed, a lot of smart contracts cannot be easily changed. So, it would be wise to take a close look at potential weaknesses, exploits, and built-in mitigations while it’s not too late for changes. But look beyond the code. Smart contracts are immutable pieces of code that perform certain operations in blockchain networks or link different bl...
07 Jun 2022
You can often hear from me and my fellow security engineers about the defense-in-depth approach to protecting user data. Does this mean putting as many tools and security controls in your code or system as the whole market suggests? By no means. When speaking about defense in depth, we mean that carefully chosen tools, controls, security po...
04 May 2022
One of the most common concerns security engineers hear sounds like “field level encryption is awesome, but alas we cannot afford it because we will need to completely rewrite the code and encryption will make everything slow”. I fully agree with the first part: field level encryption is awesome. As for the latter, literally, it could be transla...
12 Apr 2022
Switching from traditional software engineering to building modern cloud apps requires multiple changes on several levels, with data-related security often mistakenly pushed to the margins. But in fact, even with all the brilliant cloud providers’ security options, you can't duck data protection issues in the cloud; you just face new priorities in...