BNB Bridge hack ELI5 explained and visualisedA week ago, the BNB Bridge was attacked for almost $600M. I wanted to dig deeper to understand the fundamentals of the root cause and this…Oct 12, 2022Oct 12, 2022
Analysis of OZ TimelockController security vulnerability patch… and why you must stay up to date!Sep 2, 2021Sep 2, 2021
Published inSecuRingFour common pitfalls of HyperLedger implementationAfter several security audits of HyperLedger implementations (and other custom blockchain platforms), we have selected a couple of…Mar 18, 2021Mar 18, 2021
Write-ups and lessons learned from Damn Vulnerable #DeFiI have solved all of the Damn Vulnerable #DeFi challenges by Zeppelin. Here I present the write-ups and lessons learned from …Nov 26, 20202Nov 26, 20202
Published inSecuRingSecure OAuth 2.0: How To Keep OAuth Secure?Previous parts (part 1, part 2) of the series introduced the risks and described potential vulnerabilities in OAuth 2.0 implementation…Nov 3, 2020Nov 3, 2020
Published inSecuRingSecure OAuth 2.0: What Could Possibly Go Wrong?The previous section, Starting with OAuth 2 — Security check, covered the main threats which are the users’ sensitive data leakage and the…Sep 4, 2020Sep 4, 2020
Published inSecuRingStarting with OAuth 2 — Security checkOAuth 2.0 is the second version of Open Authorization Framework, the industry-standard delegation protocol for authorization.Jul 31, 2020Jul 31, 2020
Published inSecuRingThe Truth About Privacy in COVID Tracing SolutionsAnd why people might not trust them.Jun 4, 2020Jun 4, 2020
Published inSecuRingBlockchain — new types of insider threatBlockchain does not defend from insider threat in any way. What is more, blockchain introduces new threats that can be classified as…Jan 10, 2020Jan 10, 2020
Published inSecuRingWhat is going on with OAuth 2.0? And why you should not use it for authentication.A few weeks ago I was planning to write an article explaining why it is not a good idea to use OAuth for authentication (as Auth in OAuth…Dec 12, 20186Dec 12, 20186