Blog

Forgotten Essence Of The Backend Penetration Testing

Forgotten Essence Of The Backend Penetration Testing

At Riscure we have observed many severe security issues exploited by hackers even in previously certified solutions. In recent years, certification, which aims to minimize security risks, has ...
Whip the Whisperer: Blackhat 2022

Whip the Whisperer: Blackhat 2022

Cryptographic side channels are well-known and understood in the industry. There are also many countermeasures against side channels to reduce the leakage risk. However, many implementations in ...
Five things you should know to avoid the most common security errors

Five things you should know to avoid the most common security errors

For more than 20 years Riscure has been helping chip and device vendors to improve the security of their products. We have observed the ever-changing security landscape, adjusted to the evolving ...
3 Reasons Why Your Payment App Needs To Get EMVCo Certified

3 Reasons Why Your Payment App Needs To Get EMVCo Certified

Riscure worked together with Promon to define why mobile app providers should consider getting EMVCo Software-Based Mobile Payment (SBMP) certification.
Security certification considerations when choosing a secure product

Security certification considerations when choosing a secure product

Understanding Common Criteria and Evaluation Assurance Levels, and putting these into context when choosing secure products and services.
The Price We Pay for Fault Injection

The Price We Pay for Fault Injection

This new paper describes the background and risks of Fault Injection.
The Price We Pay for Faults: Video Webinar

The Price We Pay for Faults: Video Webinar

Tune into our recent webinar presented by Riscure's CEO Marc Witteman, as he breaks down the dollars and cents of Fault Injection.
State of Security for Smart Home Devices

State of Security for Smart Home Devices

Recently, Riscure analyzed the security of commonly used smart home devices such as WiFi routers, gateways, door locks, and cameras.
Fault Mitigation Patterns

Fault Mitigation Patterns

To make it easier for developers to protect their security-critical devices, Riscure created this paper discussing patterns that can cost-effectively mitigate the code.
My journey at Riscure: Diego Rivera

My journey at Riscure: Diego Rivera

Diego Rivera is a senior developer at the Riscure True Code team. Three years ago, Diego joined Riscure’s software development team and has been working with them on our tools since then. In ...
Security Highlight: A further look at faulTPM’s deepest secrets

Security Highlight: A further look at faulTPM’s deepest secrets

Recently, a new paper was published by Hans Niklas Jacob et al, titled "faulTPM: Exposing AMD fTPMs’ Deepest Secrets". The paper demonstrates the impact of a previously published Voltage Fault ...
Secure Implementation of Post Quantum Crypto in the spotlight

Secure Implementation of Post Quantum Crypto in the spotlight

Marc Witteman shares his thoughts on the latest developments in secure Post Quantum Crypto
My journey at Riscure: Nicole Fern

My journey at Riscure: Nicole Fern

Nicole Fern is a Senior Security Analyst at Riscure North America. In this role she works on both hardware and software projects, and is also involved in Riscure’s Training Academy as a trainer. ...
Security Highlight: ChatGPT vs Security Analyst

Security Highlight: ChatGPT vs Security Analyst

At Riscure, we like to explore new technologies that can help us better help our customers. Undoubtedly, the latest famous new applications are various versions of ChatGPT, a recently accessible ...
My journey at Riscure: Nisrine Jafri

My journey at Riscure: Nisrine Jafri

Nisrine Jafri is a Senior Security Analyst and Evaluator at Riscure. After switching from academia to industry work 2 years ago, Nisrine has been mainly working on Certification projects at ...
Security Highlight: a look at Ascon, a lightweight crypto algorithm

Security Highlight: a look at Ascon, a lightweight crypto algorithm

The contest for standardization of a lightweight crypto (LWC) algorithm has just finished. US standards body NIST selected Ascon as the winner. Ascon is an algorithm proposed by an international ...
My journey at Riscure: Chris Berg

My journey at Riscure: Chris Berg

Chris Berg is a Security Analyst at Riscure. Chris joined us 2 years ago and he has already worked as a security analyst and evaluator on multiple large certification projects. In this ...
Security Highlight: Exploiting persistent faults in crypto

Security Highlight: Exploiting persistent faults in crypto

At the most recent CHES workshop, Hossein Hadipour of the Graz University of Technology presented an important step forward in exploiting persistent faults in crypto.