Pavlo's blog archive

2022 (7) 2021 (6)
Pavlo Farb

Pavlo Farb

Security Engineer at Cossack Labs
Message Message me Posts: 13 Comments: 0



Security audit of smart contracts: verifying DeFi

13 Dec 2022

Once deployed, a lot of smart contracts cannot be easily changed. So, it would be wise to take a close look at potential weaknesses, exploits, and built-in mitigations when it’s not too late for changes. But look beyond the code. Smart contracts are immutable pieces of code that perform certain operations in blockchain networks or link different bl...



Application security in cryptocurrency ecosystem

07 Jun 2022

You can often hear from me and my colleagues security engineers about the defense in depth approach to protecting the user data. Does this mean putting as many tools and security controls in your code or system as the whole market suggests? By no means. When speaking about defence in depth we mean that carefully chosen tools, controls, security po...


Field level encryption and apps’ re-engineering

04 May 2022

One of the most common concerns security engineers hear sounds like “field level encryption is awesome, but alas we can not afford it because we will need to completely rewrite the code and encryption will make everything slow”. I fully agree with the first part, field level encryption is awesome. As for the latter, literally, it could be transla...


Building data security in a cloud

12 Apr 2022

Switching from traditional software engineering to building modern cloud apps requires multiple changes on several levels, with data-related security often mistakenly pushed to the margins. But in fact, even with all the brilliant cloud providers’ security options, you can't duck data protection issues in a cloud, you just face new priorities in...