
Latest expert opinions

Pavlo Farb Security Engineer at Cossack Labs

How to build secure banking apps and digital wallets

Thinkers always win, don't they? Industry leaders who think strategically and plan are more likely to achieve their goals. A product that meets user expectations, ensures safety of their assets and sensitive information is destined for success. Would you like to be the creator of an optimal solution that wins the market and the hearts of your user...

/security /wealth Digital Banking

Pavlo Farb Security Engineer at Cossack Labs

Preventing Fraud in Digital Banks

By offering a wide range of advantages over traditional payment methods, financial wallet applications are becoming increasingly popular both among customers and fraudsters. In 2021 alone, e-wallet losses exceeded $10 billion. Cybercriminals use attacks of all types from phishing to SIM swapping to steal sensitive information or users’ assets from t...

/security /payments Digital Banking

Pavlo Farb Security Engineer at Cossack Labs

NFC and digital wallets: magic has security risks

NFC devices provide users with another pair of wings to fly over daily routines, as they enable quick and easy contactless mobile payments and the use of e-tickets, mobile digital wallets, keycards, etc. instead of dealing with bulky stuff they substitute. The upsides are plain to see: wide availability, simplicity of use, platform versatility, se...

/security /payments Digital Banking

Pavlo Farb Security Engineer at Cossack Labs

Security audit of smart contracts: verifying DeFi

Once deployed, a lot of smart contracts cannot be easily changed. So, it would be wise to take a close look at potential weaknesses, exploits, and built-in mitigations when it’s not too late for changes. But look beyond the code. Smart contracts are immutable pieces of code that perform certain operations in blockchain networks or link different bl...

/security /crypto DeFi

Pavlo Farb Security Engineer at Cossack Labs

Application security in cryptocurrency ecosystem

You can often hear from me and my fellow security engineers about the defense in depth approach to protecting user data. Does this mean putting as many tools and security controls in your code or system as the whole market suggests? By no means. When speaking about defense in depth we mean that carefully chosen tools, controls, security po...

/security /crypto Fintech

Pavlo Farb Security Engineer at Cossack Labs

Field level encryption and apps’ re-engineering

One of the most common concerns security engineers hear sounds like “field level encryption is awesome, but alas we can not afford it because we will need to completely rewrite the code and encryption will make everything slow”. I fully agree with the first part, field level encryption is awesome. As for the latter, literally, it could be transla...

/security /regulation Fintech

Pavlo Farb Security Engineer at Cossack Labs

Building data security in a cloud

Switching from traditional software engineering to building modern cloud apps requires multiple changes on several levels, with data-related security often mistakenly pushed to the margins. But in fact, even with all the brilliant cloud providers’ security options, you can't duck data protection issues in a cloud, you just face new priorities in...

/security /cloud Fintech

Pavlo Farb Security Engineer at Cossack Labs

Dousing the dependency hell in fintech apps

One of the most important things you can do to make your fintech apps more secure is to let your developer team go beyond coding and get involved in security design and security operations including dependency and vulnerability management. I start with this idea every time I’m asked to give some advice on data security issues in fintech since this...

/security Fintech

Pavlo Farb Security Engineer at Cossack Labs

Cryptocurrency wallets security

Data security is an extremely complex industry. Even the most cutting edge applications, like blockchain and cryptocurrency wallets, are subject to “boring” data security threats. Especially because in the cryptocurrency context reputation equals costs. To eat an elephant one bite at a time, let’s have a think about the first and foremost things t...

/security /crypto Cryptocurrency Insights

Pavlo Farb Security Engineer at Cossack Labs

Data security in fintech: from TLS to ALE

Recently, after reading a great engineering blog post on OCSP and CRL verifiers in Go, and after further discussion in the community, I’ve got an insight that made me really gloomy. Many projects use technologies without paying attention to their security holes. For instance, financial applications adopt the TLS (transport layer security) protocol,...

/security /payments Fintech
