# Security Posts

The Toptal Engineering Blog is a hub for in-depth development tutorials and new technology announcements created by professional freelance software engineers in the Toptal network.
Nermin Hajdarbegovic
Rethinking Authentication And Biometric Security, The Toptal Way

How does one secure a vast, distributed network of tech talent? There are three ways of doing this: the right way, the wrong way, and the Toptal way. Today, we will be discussing the latter, and unveiling our plans for a comprehensive overhaul of our onboarding and authentication procedures.

In this post, Toptal Technical Editor Nermin Hajdarbegovic will help you get acquainted with our brand new processes. Since all Toptalers will be required to use our new security platform, we encourage you to comment and contribute to our efforts.

Gergely Kalman
10 Most Common Web Security Vulnerabilities

For all too many companies, it’s not until after a breach has occurred that security becomes a priority. An effective approach to IT security must, by definition, be proactive and defensive. This post focuses on 10 common and significant web-related IT security pitfalls to be aware of, including recommendations on how they can be avoided.

Gergely Kalman
Fixing the “Heartbleed” OpenSSL Bug: A Tutorial for Sys Admins

A potentially critical problem, nicknamed “Heartbleed”, has surfaced in the widely-used OpenSSL cryptographic library. The vulnerability is particularly dangerous in that potentially critical data can be leaked and the attack leaves no trace.

As a user, chances are that sites you frequent regularly are affected and your data may have been compromised. As a developer or sys admin, sites or servers you’re responsible for are likely to have been affected.

Here are the key facts you need to know about this dangerous bug and how to mitigate your vulnerability.

Gergely Kalman
With a Filter Bypass and Some Hexadecimal, Hacked Credit Card Numbers Are Still, Still Google-able

In 2007, Bennett Haselton revealed a minor hack with major implications: querying ranges of numbers on Google would return pages of sensitive information, including Credit Card numbers, Social Security numbers, and more. While Haselton’s hack was addressed and patched, I was able to tweak his original technique to bypass Google’s filter and return the same old dangerous results.
