Fortifying APIs: timing attacks

One of the most important features of an API, besides usability, is resilience. A big part of making an API more resilient is restricting the amount of information it communicates. This is important to keep in mind, since every bit of information you give away aids an attack against your API.


Designing and writing a basic authentication API with Phoenix and Elixir (Auth Part 3)

Continuing this series on writing and developing an authentication process with Phoenix and Elixir, so far we've covered developing our authentication library authtoken in part 1 and 2.


Encrypted auth tokens for Phoenix (Auth part 2)

Last time, in Tokens, cookies and sessions: an auth story (Part 1), we talked about the decision-making process behind our authentication mechanism.


Tokens, cookies and sessions: an auth story (Part 1)

When deciding which way to go with communicating and storing authentication information, one can easily drift into a bad trip and start wondering how anything ever works.


Custom Ecto types

Custom types in Ecto are a really nice way of abstracting away some functionality you need in a lot of places concerning your schemas. That sounds really nice, but let's break that down to something more digestible.


PGP signed git commits: Encrypt & Verify made easy… possible

Last time we went over creating a secured infrastructure and network for our SaaS operation.


Setting up a Phoenix Umbrella App

Our decision to run the rewrite of Sealas with Elixir came out of our interest in the language and the architecture behind it.


Creating a Secure Cloud Infrastructure

Last week we talked about the application's threat model. Now let's talk about securing our infrastructure.


Sealas Threat Model

Before we can properly develop our application, it helps to have a clearly formulated idea about what you want to do, and why. When it comes to an application whose goal is to provide a secure environment for its users, it is important to have a concrete threat model. This way we know what to protect against - and also why.


Relaunching Sealas or: How I learned to stop worrying and kill our product

graceful failure

Sealas was our first attempt to create a SaaS.

It started out as a simple idealistic idea: frustrated with the available options, we wanted to create an easy-to-use accounting application that encrypts all user data before storing it.

But we failed horribly.


Why we develop Zero Knowledge Software

Every cloud service you may use implicitly requires you to trust it with all the data you work with.

This means that your service provider will always know everything you do when using their product, whether you agree to that or not.
