Category: Security

Posts
28 August / / security / wick / WebAssembly

A retrospective on building Wick

Background Two years ago, I hit a wall. I had worked in software for twenty+ years and spent seven of them helping Shape Security grow from a small startup to a unicorn. I was ready to start something new. But I just couldn’t. I wasn’t burnt out. I was overwhelmed. I knew what lay ahead. The same tasks that I’d performed hundreds of times. Even with new languages and frameworks, the cloud, serverless, microservices, etc.
Read the postThis is a Standard Post
28 August / / security / wick / WebAssembly

Wick 0.14 release: deep invocations and packet assertions

Wick 0.14 brings two major QoL improvements to wick: app invocations and a whole class of new assertions to Wick test cases. Deep invocations You could always use wick invoke against a single component configuration. But as components and their relationships became more elaborate it became harder to “just invoke” some components that were deeply nested inside others. It was even harder with components that were wired into an application configuration.
Read the postThis is a Standard Post
20 August / / security / wick / WebAssembly

Wick 0.13 release: audit & lockdown

Wick 0.13 is out! This release adds two huge new features to improve security in your applications, wick config audit to audit the resources your apps use and Lockdown configurations to restrict access to those resources. Audit reports The wick config audit command outputs a list of all resources used by an application in one fell swoop. This report lists all the URLs, files, directories, and ports that your application wants to access and you can get it without running the application at all.
Read the postThis is a Standard Post
19 July / / Security

3 Misunderstandings about Credential Stuffing attacks

Another day, another report of a data breach. The description in Macy’s announcement, though, is noticeably different than most — there was no reference to internal systems being accessed beyond the web application and no data extracted en masse.

Read the postThis is a Standard Post