Rational Application-level Threat Modeling

May 3, 2018

This is the third post of the Rational Security series. We're drilling down into the tools to map out the systems with respect to security. In this post, we are taking a look at using data-flow diagrams and attack trees to understand failure domains and proactively address security needs. ...


Rational High-level Threat Modeling

May 3, 2018

This is the second post of the Rational Security series. In this post, we are taking a look at high-level threat modeling to capture stakeholders' concerns by looking at our operation holistically from a 30,000-foot view. ...


An Introduction to Rational Security

May 3, 2018

This is the first post of the Rational Security series, in which we introduce tools to rationally reason about the security requirements of the systems we build. In this post, we are taking a closer look at why we're still building systems that suck and why we're fetishizing the attacks instead of thinking rationally ...


Planning non-confrontational interactions

Apr 17, 2018

As consultants, most of our job revolves around communication in various shapes and forms. The SCARF model allows us to be adaptive when the stakes are high ...


Webapp Security 101

Oct 16, 2015

After reading this blog post, you should be familiar with a couple of simple mechanisms to provide a safer web experience for everyone ...


Grand Central Dispatch

Aug 5, 2015

This was written way back in 2013 when GCD was still new, but I finally decided to put it on my blog since I kept coming back ...


Automatic Reference Counting

Aug 5, 2015

This was written way back in 2012 when manual memory management was still a thing, but I finally decided to put it on my blog since ...


Why Alice has a problem if Bob can't encrypt

Jan 27, 2015

I listened to many good talks at the 31st Chaos Communication Congress in Hamburg (GER) last December. I was especially impressed by ...
