• 2020-01-18
  • 8 minutes

Breaking C# SecureString

As discussed previously in the Heap Inspection post, keeping passwords and other sensitive data in memory may be insecure, as they can be inspected or dumped. Although it is almost impossible to completely mitigate Heap Inspection, there are several techniques to reduce the time frame sensitive data stays in memory, lowering the risk of exposure. Let’s […]
  • 2019-06-17
  • 7 minutes

Weak Random

A lot of developers don’t know that regular Random is a weak random implementation. In fact, it’s quite predictable. A lot of code relies on this class to generate passwords, tokens and other security-related values that, in fact, end up not being secure at all. I’m going to focus on Java, but a lot […]