What would Easter be without Easter eggs and the taste of chocolate? Software, on the other hand, does not need Easter eggs. There will probably be a few accidental undocumented features anyway, without anyone implementing them on purpose. What about cake, then? Do you prefer your cake with or without Easter eggs?
Category Archives: Application security
Manage security debt and write some documentation!
For most people, writing documentation is boring! But what if I told you that writing technical documentation helps reduce security weaknesses? Writing down some notes also makes you a better baker.
Apple pies and integer overflows
Autumn is apple season, so I started yearning for a yummy apple pie. Coincidentally, Apple recently released a patch for an arbitrary code execution vulnerability caused by an integer overflow. What a perfect excuse for baking an apple pie!
You should monitor logs like a cake in the oven
Recently I tried out a new cookie recipe and was unsure how long to keep the cookies in the oven. I had to watch quite closely so that I didn't burn them. That reminded me of log monitoring, a crucial part of security that sometimes gets overlooked.
Threat modeling baking – when bread falls on the buttered side
Several things can go wrong with baking: meringue flattens, cookies are burnt, the cake is raw on the inside. These are things you can prepare for. Similarly, in cybersecurity, you can identify problems early and plan mitigations. This is called threat modeling. I’ll introduce threat modeling through baking analogies.
Threats related to multi-factor authentication… and some multi-factor baking
A while back I stumbled upon a few recipes that had both baking soda and baking powder in them. Typically, you use just one or the other. Immediately I thought about multi-factor authentication. Similar to having several factors to authenticate that it is you, you have several raising agents in your pastry!
What do vulnerabilities and bread rolls have in common?
Libraries in an application are like seeds in a bread roll. They are an inseparable part of the product. If the seeds are stale, the rolls might taste funny. And if the libraries contain vulnerabilities, the application can be vulnerable, too.
