Posts tagged with: open-source (23)
open-source
The DevSecOps Iceberg
By Viktor Petersson on November 29, 2019
Security is a complicated topic. There are countless attack vectors and threat models to take into consideration when designing a security strategy. Over the last year, we’ve spoken to companies of different sizes about their security strategies and practices. Based on these discussions, we’ve come up with something we call the DevSecOps...
Continue reading
How to Securely Configure MongoDB
By Mahmoud Fahmy on November 24, 2019
How to Securely Configure MongoDB Required Skill Level: Intermediate Reading Time: 15-20 Minutes Introduction MongoDB is a NoSQL, document database that is widely used by companies and individuals. Its popularity and support makes it a contender for one of the best options for database needs. Unfortunately, its popularity makes it a target...
Continue reading
New Space and the Future (as well as the past) of IoT
By Fiona McAllister on November 20, 2019
Introduction In a world full of buzzwords, you’ve probably already come across the term ‘New Space.’ But, what exactly is it and why should you as developers care about it? WoTT is a security company aimed at Linux distros to secure server to receiver connections in an easy, flexible way. So where...
Continue reading
How to Do a CVE Scan of Your Linux System
By Al Esmail on November 04, 2019
Introduction Common Vulnerabilities and Exposures (CVE) is a list of publicly known cybersecurity vulnerabilities. Each vulnerability is given a unique CVE number by which it can be identified and referenced. The list can be easily accessed for free online, but wouldn’t it be nice to be automatically notified when you are affected...
Continue reading
Security audit checklist for linux systems
By Al Esmail on October 04, 2019
We so often hear from developers that they don’t need to worry about cyber security because they’re too small to be targeted or because they trust their service providers to take care of it for them. Sound like someone you know? Well, let’s start with a quick synopsis of recent cloud failures...
Continue reading
The significance of mTLS and why you should care about it
By Fiona McAllister on September 09, 2019
Introduction Note there are some tutorials within this article. These vary in difficulty. All require a linux distribution to be compatible with our agent. Cybersecurity is an ever-growing, ever-complicating field. As a new developer, it can be daunting to think of where to start. Here we’re going to talk a little about...
Continue reading
IoT Encryption Failures and how to avoid them
By Nikoletta Triantafyllopoulou on August 28, 2019
IoT encryption failures and how to avoid them Introduction The stories of misconfigured security systems leading to leaks of client data are common. Take for example the Equifax data breach back in 2017. The vulnerability was detected with a great delay due to expired certificates. According to Venafi The device inspecting encrypted...
Continue reading
The Future of IoT
By Nikoletta Triantafyllopoulou on August 16, 2019
The Future of IoT Introduction The Future of IoT is both fascinating and challenging. As the number of connected devices is expected to triple by 2025, there are many significant questions and issues rising. Such as what does this mean for the Industry? What implications does this create? To start with, security...
Continue reading
IoT Security Issues and Challenges
By Nikoletta Triantafyllopoulou on August 12, 2019
IoT Security Issues and Challenges IoT Security issues are quite a challenge for this burgeoning industry. There is a growing number of devices, applications and systems which turn to IoT. This helps them to upscale their efficiency and their services and to make life easier for users. So let us take a...
Continue reading
Using WoTT to Secure a Paho MQTT Client
By Fiona McAllister on July 19, 2019
Using WoTT to Secure a Connection from a Paho MQTT Client to an MQTT Server (Mosquitto MQTT Example included) Introduction In a previous example we discussed how to secure connections between an Mosquitto MQTT broker and the Mosquitto client. In that there are several different brokers for an MQTT brokers, there are...
Continue reading
Connecting Edge IoT devices with Kubernetes
By Viktor Petersson on July 18, 2019
Bridging Edge IoT devices with Kubernetes Required Skill Level: Medium to Expert In my last blog post, we covered how to configure Nginx to use Mutual TLS (mTLS). This illustrated how mTLS can both simplify the back-end, while also make it more secure. In this article, we will take this one step...
Continue reading
Using WoTT to Secure Access to a Mosquitto MQTT Server
By Fiona McAllister on July 15, 2019
Using WoTT to Cryptographically Secure Access Between a Mosquitto Brokered MQTT Client and Server Introduction Mosquitto is a lightweight message broker for MQTT. MQTT itself is a pub-sub messaging protocol that is particularly popular amongst IoT applications due to its optimisation for high-latency networks. Together, they are effective for IoT usage being...
Continue reading
Configuring Nginx with client certificate authentication (mTLS)
By Viktor Petersson on July 15, 2019
Configuring Nginx with client certificate authentication (mTLS) Required Skill Level: Medium to Expert Time to complete: 15-20 min In this post we will walk through how to configure Nginx to support mutual TLS to authenticate a client request in 3 steps: Install certificate on client Set up a server Whitelist client One...
Continue reading
Using WoTT credentials to manage access to Adafruit IO feeds
By Fiona McAllister on June 27, 2019
Using Adafruit IO with WoTT Credentials Introduction Adafruit IO is a free cloud service interested in making IoT accessible to everyone through presenting data in a useful and user-friendly way. Services that they provide include linking your IoT devices to Twitter and weather services. You can also use Adafruit IO to monitor...
Continue reading
Using WoTT credentials to manage access to Screenly OSE
By Fiona McAllister on June 25, 2019
Using WoTT to secure access to Screenly Introduction Screenly is a service that provides digital signage and acts as an OS on the host device. Essentially it treats your host device as a streaming service that projects visual media (such as images and webpages) onto a monitor from multiple different sources. Think...
Continue reading
Why open source solutions are critical for IoT
By Al Esmail on June 25, 2019
TL;DR IoT needs one ring to rule them all and it’s not a platform. In my last post, I described the relevance of open source security. For very different reasons, I will argue here that the internet of things (and cyber-physical systems in general) are in desperate need of open source software...
Continue reading
Why open source is critical for InfoSec
By Al Esmail on June 24, 2019
TL;DR Proprietary security is a fresh cow pie hiding in the tall grass. Figure 1 - How I imagine decision fatigued CTOs see the world when speaking to proprietary security vendors. Can you spot the cow pie? In a previous post, I advocated for the merits of DevSecOps and shift left security....
Continue reading
Why shift-left security is relevant for IoT
By Al Esmail on June 23, 2019
TL;DR Cyber is best handled by developers with big, bulging…brains. Figure 1 - Cyber is sexier than a Harvard trained, Academy Award winning actress. In our first blog post, I articulated that we are strong proponents of shift-left security. The idea that security should be incorporated as early as possible during application...
Continue reading
WoTT secures the Internet of Things
By Al Esmail on June 22, 2019
TL;DR It’s Let’s Encrypt for IoT - you know you want it. Figure 1 - If the web can have it, why can’t IoT? In my first blog post, I articulated why we do what we do at WoTT. Namely, that security is a necessary condition for a future involving advanced cyber-physical...
Continue reading
Why we are doing what we do
By Al Esmail on June 20, 2019
TL;DR the future has flying cars, transformers and low calorie diets. Figure 1 - Best free photo I could find when searching for ‘open source’ In our inaugural blog post, my aim is to introduce how we see the world and what we care about. Regarding what we do, I will simply...
Continue reading
Using WoTT credentials to manage access to a Python 3 WebApp
By Fiona McAllister on June 18, 2019
Another simple WebApp example Introduction In a previous example we introduced you to setting up a Simple WebApp using mTLS to provide security. This is one of a few ways to secure connection between a client and a server. In this example, we’ll be using another simple WebApp that instead uses HTTP...
Continue reading
Using WoTT to secure a simple Python 3 WebApp
By Fiona McAllister on June 16, 2019
A simple WebApp example Introduction In the following example, we’ll walk you through how to secure a simple WebApp using WoTT. Before you begin, you need two devices with the WoTT Agent installed. This can be a combination of devices that are either a Raspberry Pi or a desktop running a Debian...
Continue reading
Using WoTT to secure access to Google Core IoT
By Fiona McAllister on June 14, 2019
Using WoTT with Google Core IoT Introduction Before we get started, you will need to install the gcloud tool. This is used to interact with Google’s services. You can find installation instructions here. Follow the instructions for your specific distribution. You will also need to have at least one device with the...
Continue reading