Showing items from Cybersecurity

Help! Quantum Computers are threatening our payments!

• Kalpana Singh PhD
• 9 Min To Read
• 19 Mar, 2024
• • Cybersecurity

Introduction

Modern cryptography has been used to enable secure communications between individuals or servers, even if these entities do not share any pre-established secret. The cryptographic primitives allow kickstarting a secure channel primarily to deliver two main functionalities: protected channel establishment (known as key establishment) and authentication of digital information/parties (by the use of digital signatures). Once the channel is established, it can use other cryptographic primitives to secure communications over the Internet, provide the root of trust for secure transactions in the digital economy, and keep data private by encrypting it.

Invisible code and XSS attacks

• Sylvain Pollet-Villard
• 11 Min To Read
• 19 Jul, 2023
• • Cybersecurity

Trojan: Attacks from the inside

XSS attacks were quite common at the time of the early web. They were used to steal cookies, to redirect users to malicious websites, to inject malicious code in the page, etc. Websites were more vulnerable to XSS at that time because they used a lot server-side templating with technologies like PHP or JSP, with very few built-in protections for injecting JavaScript code into HTML responses. Today, we are much more careful about escaping user inputs and evaluating HTML dynamically. We use frameworks like React or Vue.js to build our web applications, which are based on declarative templating that escape all HTML by default and encourage sending serialized data instead of HTML on the wire. Dynamic code evaluation is considered a bad practice and injection patterns are catched by code analysis tools like ESLint or SonarQube. XSS attacks have therefore to find more creative ways to inject malicious code into the page. If they can’t inject from the outside, they will try to inject from the inside, targeting the code of the application itself. They can do that directly through project dependencies or pull requests to open source projects, or indirectly through StackOverflow answers, blog posts, AI chatbots, etc.

HSM in the cloud: opportunity or contradiction?

• Jurjen N.E. Bos
• 6 Min To Read
• 05 Apr, 2023
• • Cybersecurity

As many other companies, my employer (Worldline) is busy building cloud applications, and moving current applications to the cloud. Of course, cryptography is used in many ways in these applications. Many of these applications use HSMs (Host Security Modules) to improve the security of the cryptographic keys. This is what an HSM looks like:

Troubleshoot SSL/TLS mutual authentication with openssl s_server

• Gerben Castel
• 4 Min To Read
• 07 Mar, 2023
• • Cybersecurity

Each secure communication between a browser and a HTTP server begins with a SSL/TLS handshake.

ZTNA - For Machine Vendors

• Michael Zinsmaier
• 10 Min To Read
• 01 Feb, 2023
• • Cybersecurity

Zero Trust or as I prefer it Zero Implicit Trust is usually described from the perspective of an IT department, in charge, to protect its users and resources. Sometimes this perspective is extended to the shopfloor owner and I recommend Zero Trust connectivity in industrial environments , a free whitepaper published by Worldline to dive deeper into this topic.

Post-Quantum Cryptography Series - Second Newsletter

• Slim Bettaieb Mattias Westlund Jurjen N.E. Bos Nourredine Khadri
• 9 Min To Read
• 27 Apr, 2022
• • Cybersecurity

In this newsletter we will provide information of the context of the international competition organized by NIST to standardize post-quantum cryptographic algorithms and how Worldline contributed to it. We will also give an update on the ongoing competition and highlight the cryptographic primitives that NIST will develop.