The Web Cryptography API: Security Analysis [Part 2]

2020-09-22T12:22:56+00:00

After getting the basics out of the way in the last article, this post dives deep and assesses the security mechanisms of the Web Cryptography API.

The first article of the blog series “The Web Cryptography API: Do not trust anybody!” explains the Web Cryptography specification. If you haven’t already, read


The Web Cryptography API: Do not Trust Anybody! [Part 1]

2020-09-21T21:22:55+00:00

The goal of this series of blog articles is to evaluate the Web Cryptography specification before analysing the Web Cryptography API. Finally, a sample application using the new API is implemented, which extends existing cloud storage services with the option to encrypt all files on the client side with the WCA prior to upload.

IT systems are of central importance in (almost) every area. Particularly in the context of critical infrastructures or sensitive personal data, IT security is of par


State of the Web 2020: Security Special

2020-09-14T00:13:20+00:00

In this State of the Web video, Anna, Michael and Clemens present the topics WebAuthn, the WebCrypto API and ways to protect web applications against attacks, and then discuss them.

Welcome to a new episode of our State of the Web series. In this fourth episode, too, we report on exciting new topics from the web. The focus is


Beyond Passwords: FIDO2 and WebAuthn in Practice

2020-03-09T17:58:25+00:00

Take a look at FIDO2 and WebAuthn in real life! We developed a proof of concept using those new authentication standards and conducted a user study to find out how the general public perceives them. Those findings helped us form best practices for implementing WebAuthn in your own web application.

The World Wide Web of today is unthinkable without user authentication. A wide range of methods have been developed for this purpose, from text passwords over fingerp


Unraveling Kubernetes Security Tools

2020-08-13T11:11:00+00:00

When securing K8s-based environments, many different issues arise. And there are even more tools that try to tackle these issues. Don't waste your time searching and check out these open source Kubernetes Security Tools instead!

When securing K8s-based environments, many different issues arise, from checking the actual cluster configuration to configuring K8s features like Network Policies, Pod


OpenPGP: Create a New GnuPG Key (Part 1)

2019-03-12T12:44:44+00:00

This is the first part of the OpenPGP blog series. It briefly explains how to generate a new GnuPG key that can be used for encryption, signing and authentication. GnuPG is the open implementation of the OpenPGP standard defined in RFC 4880, allowing you to encrypt and sign data and to authenticate.

This is the first part of the OpenPGP blog series. It briefly explains how to generate a new GnuPG key that can be used for encryption, signing and authentication.


Let’s encrypt the web! All of it.

2018-07-13T12:58:00+00:00

Are you serving your website via HTTPS yet? You really should, and Let's Encrypt is here to help you get up to speed on that.

Does your website still run on plain HTTP? Would you like it to run on HTTPS? You should, because soon you might not have a choice anymore. The HTTPS saturation of th


Application of Differential Privacy and Randomized Response in Big Data

2018-03-01T09:15:11+00:00

In this blog, I’ll explain some of the basic concepts of differential privacy and talk about how I’ve used it in my Bachelor’s Thesis.

Differential Privacy is a topic of growing interest in the world of Big Data. It is currently being deployed by tech giants like Google and Apple to gain knowledge ab
