Gmail App for iOS: An example of a terrible security practice in mobile apps

January 21st, 2015

Today I installed the official Gmail client for iOS for the first time, and I was really surprised at how a company like Google has produced such an insecure app. So, before uninstalling the app forever from my iPhone, I decided to write this post to share with you why you must do […]

WS-Trust Proof-of-Possession (PoP) tokens with client and server entropy (with partial keys) – Part 1

January 15th, 2015

As a security feature, WS-Trust supports Proof-of-Possession tokens. In this post I want to show you how you can consume a service that requires PoP token security with client and server entropy (going deep in a min). This method has been tested with Microsoft Dynamics CRM and ADFS. This is a very long topic, so […]

Security Stack for Modern Apps talk at UTN: The video (Spanish)

January 5th, 2015

Last December 19 I was invited by the Argentine National Technological University (UTN) in Buenos Aires to speak about security architectures in modern apps. In my talk I covered Token-based Authentication scenarios for Single Page and Mobile Apps, access delegation with OAuth 2.0 and Identity Federation with OpenID Connect. It was really fun and such […]

Google’s XSS Problem: It happens in the best of families

December 28th, 2014

A couple of days ago, this guy found an unbelievable XSS vulnerability on Google’s result page. Basically, when you add your site to the Google index, you can add some links that are shown as breadcrumbs in the result page and that the user can click. In this post he shows how Google was not validating the […]

Speaking at UTN: Security Stack for Modern Applications

December 1st, 2014

Next December 19 I will be closing the year speaking about Security Architectures for modern applications at the Argentine National Technological University in Buenos Aires. The National Technological University (Spanish: Universidad Tecnológica Nacional, UTN) is a country-wide national university in Argentina, and it’s considered among the top engineering schools in the country, so it is a […]