How to Use Secrets in Source Code? Move Them Elsewhere.
Mon, 04 Feb 2019

How do you manage secrets in source code? You don't. Your security tokens, keys, and passwords belong outside of your code, in a separate location.

Parsing binaries with Kaitai Struct
Fri, 01 Feb 2019

Kaitai Struct is a general-purpose declarative language for describing binary data structures. With it we can parse binary file formats, in-memory data structures, network packets, etc. 

In this article we describe and parse an ESP8266 firmware image file using the KSY language.

What is Product Security? How to Implement It and Who Owns It
Mon, 21 Jan 2019

In this article we investigate why we continue to face the same types of security problems, and why security should be a priority across the entire product lifecycle.

Developer Security Training: 5 Things You Must Know
Tue, 08 Jan 2019

Training can be a major investment for some organizations. So how can you make the most of it? Read through the five things you must know and understand to be able to make the most of any security training before, during, and after.

The Deep Synergy Between Security Testability and Good App Sec
Fri, 21 Dec 2018

When code is brittle, it's due to a lack of quality in the design and implementation, and this same brittleness also leads to more security vulnerabilities.

Threat Modeling: Designing for Security
Tue, 11 Dec 2018

You've probably already heard the phrase "threat modeling" more than a few times. Threat modeling is a highly undervalued, often overlooked aspect of building secure applications, which is a shame, because you don't have to be a large enterprise with hundreds of developers and architects to benefit from threat modeling. It helps organizations of all sizes.

Carve Systems Guest Author Program
Tue, 11 Dec 2018

Carve Systems invites technical experts to contribute posts as a guest author on the Carve Systems blog.

Writing a simple ESP8266-based sniffer
Thu, 26 Jul 2018

In this first post we discuss the packet sniffing capabilities provided by the ESP8266 SDK and demonstrate them by writing a simple packet sniffer that will parse and output 802.11 frames to the serial console.

Implementing a Password Strength Indicator
Fri, 22 Jun 2018

Passwords are, at present, a mostly necessary part of web applications. A lot of research has gone into how applications should deal with passwords, from the UX of password entry and creation, to the storage of passwords. This article will cover how to implement a password strength indicator that follows modern best practices.

Digital Security Strategy, Part 2: Rising Into The Clouds
Fri, 25 May 2018

In the next post of the Digital Transformation section, we discuss the common security problems that companies face as they move computing into the cloud.