Git Hack Recovery

This time I want to share with you a small tool that I developed (and am still developing) and that I presented at #CPMX5 as part of the talks given by members of the Comunidad Underground de México. The tool is called Git Hack Recovery and, broadly speaking, it allows that, in the event that your site […]

Weak TLS cipher suites

HTTP and HTTPS are well-known Internet protocols that don’t require any introduction. The other day at work, as part of a daily security scan, one of our servers got tagged as using weak cipher suites during TLS negotiation. In this quick post I’ll explain what a weak cipher suite means and how to fix […]

Compilation of open-source security tools & platforms for your Startup

This compilation of open-source tools aims to provide resources you can use for some of the steps of the secure development life cycle of your organization, i.e.: Security Training, Security Architecture Review, Security Requirements, Threat Modeling, Static Analysis, OpenSource Analysis, Dynamic Analysis, Penetration Testing. If you think I should add a new tool to the list you […]

Stop passing secrets via environment variables to your application

Environment variables are great for configuring and changing the behavior of your applications. However, there’s a downside: if someone uses the `docker inspect` command, your precious secrets will be revealed there. Because of that, you should never pass any sensitive data to your container using environment variables (the `-e` flag). I’ll show you […]

Just enough cryptography for better securing your apps

I’m not a cryptographer myself, but I have always admired their work because they literally make the Internet a better place by creating technology that allows us our right to privacy and cybersecurity. Plus, I enjoy playing basic crypto CTF challenges. At my current job I’m a weird mixture between Software developer and Information Security […]