secure code

A 2-post collection

How Not To Encrypt Files With Qt

A recent Google search I typed for "qt encrypt file" led me to the Qt wiki, only to find how bad encryption can live forever. Let's examine the code there to learn what went wrong.

What Is Strong Encryption

The first result in my search was, of course, "Simple encryption with SimpleCrypt". Truth be told, they did mention that the code described on the page does not offer strong encryption, but they didn't say what "strong" means in this context, and thus we need to dive in


CWE 362 Explained

In 2015, Egor Homakov discovered he could get free coffee at Starbucks by just misusing their website. Reading his post reminded me why it's important for developers to know about common weaknesses. Here's the one that Starbucks' developers made, and that I hope you'll know to avoid.

An Insecure Snippet

The problematic code in Starbucks' implementation was in a function that transferred money between two gift cards. I don't know which language Starbucks' site is written in, or what their code looks like, but I can guess
