WoTT Security Blog Musings, thoughts, ideas, releases on security
The DevSecOps Iceberg By Viktor Petersson on November 29, 2019 Security is a complicated topic. There are countless attack vectors and threat models to take into consideration when designing a security strategy. Over the last year, we’ve spoken to companies of different sizes about their security strategies and practices. Based on these discussions, we’ve come up with something we call the... Continue reading
Introducing WoTT's GitHub Integration By Viktor Petersson on November 27, 2019 There’s no doubt that GitHub has become one of the most popular platforms for developer collaboration and communication. Increasingly, GitHub is also used for project management across developer and Dev(Sec)Ops teams. Because of this, it is increasingly where the security fixes are being tracked too. For instance, GitHub recently announced their Security... Continue reading
How to Securely Configure MongoDB By Mahmoud Fahmy on November 24, 2019 Required Skill Level: Intermediate Reading Time: 15-20 Minutes Introduction MongoDB is a NoSQL document database that is widely used by companies and individuals. Its popularity and support make it a contender for one of the best options for database needs. Unfortunately, its popularity makes it a target... Continue reading
New Space and the Future (as well as the past) of IoT By Fiona McAllister on November 20, 2019 Introduction In a world full of buzzwords, you’ve probably already come across the term ‘New Space.’ But, what exactly is it and why should you as developers care about it? WoTT is a security company aimed at Linux distros to secure server to receiver connections in an easy, flexible way. So where... Continue reading
How to Do a CVE Scan of Your Linux System By Al Esmail on November 04, 2019 Introduction Common Vulnerabilities and Exposures (CVE) is a list of publicly known cybersecurity vulnerabilities. Each vulnerability is given a unique CVE number by which it can be identified and referenced. The list can be easily accessed for free online, but wouldn’t it be nice to be automatically notified when you are affected... Continue reading
How to Audit OpenSSH Configuration and Secure It By Mahmoud Fahmy on October 25, 2019 Introduction Required Skill Level: Beginner to Medium Reading Time: 15-20 Minutes In this post, we will review the fundamentals of a secure OpenSSH server. As you probably know, SSH (Secure Shell) is a method for remote login to a server. SSH is usually secure; however, if used with the default settings,... Continue reading
What is SELinux and Why You Might Want It By Fiona McAllister on October 15, 2019 Introduction Today we’re going to talk about SELinux - Security Enhanced Linux. For the everyday layman, SELinux may be daunting to set up, but it is a good introduction to different ways to manage access control to your systems. More and more we give companies our precious data and the onus should be placed on... Continue reading
Security audit checklist for linux systems By Al Esmail on October 04, 2019 We so often hear from developers that they don’t need to worry about cyber security because they’re too small to be targeted or because they trust their service providers to take care of it for them. Sound like someone you know? Well, let’s start with a quick synopsis of recent cloud failures... Continue reading
The significance of mTLS and why you should care about it By Fiona McAllister on September 09, 2019 Introduction Note that there are some tutorials within this article. These vary in difficulty. All require a Linux distribution to be compatible with our agent. Cybersecurity is an ever-growing, ever-complicating field. As a new developer, it can be daunting to think of where to start. Here we’re going to talk a little about... Continue reading
IoT Encryption Failures and how to avoid them By Nikoletta Triantafyllopoulou on August 28, 2019 Introduction The stories of misconfigured security systems leading to leaks of client data are common. Take for example the Equifax data breach back in 2017. The vulnerability was detected with a great delay due to expired certificates. According to Venafi: The device inspecting encrypted... Continue reading