Forgotten Essence Of The Backend Penetration Testing
At Riscure we have observed many severe security issues exploited by hackers even in previously certified solutions. In recent years, certification, which aims to minimize security risks, has ...
Blog
Whip the Whisperer: Blackhat 2022
Cryptographic side channels are well-known and understood in the industry. There are also many countermeasures against side channels to reduce the leakage risk. However, many implementations in ...
Five things you should know to avoid the most common security errors
For more than 20 years Riscure has been helping chip and device vendors to improve the security of their products. We have observed the ever-changing security landscape, adjusted to the evolving ...
3 Reasons Why Your Payment App Needs To Get EMVCo Certified
Riscure worked together with Promon to define why mobile app providers should consider getting EMVCo Software-Based Mobile Payment (SBMP) certification.
Security certification considerations when choosing a secure product
Understanding Common Criteria and Evaluation Assurance Levels, and putting these into context when choosing secure products and services.
The Price We Pay for Fault Injection
This new paper describes the background and risks of Fault Injection.
The Price We Pay for Faults: Video Webinar
Tune into our recent webinar presented by Riscure's CEO Marc Witteman, as he breaks down the dollars and cents of Fault Injection.
State of Security for Smart Home Devices
Recently, Riscure analyzed the security of commonly used smart home devices such as WiFi routers, gateways, door locks, and cameras.
Fault Mitigation Patterns
To make it easier for developers to protect their security-critical devices, Riscure created this paper discussing patterns that can cost-effectively mitigate the code.
My journey at Riscure: Diego Rivera
Diego Rivera is a senior developer at the Riscure True Code team. Three years ago, Diego joined Riscure’s software development team and has been working with them on our tools since then. In ...
Security Highlight: A further look at faulTPM’s deepest secrets
Recently, a new paper was published by Hans Niklas Jacob et al, titled "faulTPM: Exposing AMD fTPMs’ Deepest Secrets". The paper demonstrates the impact of a previously published Voltage Fault ...
Secure Implementation of Post Quantum Crypto in the spotlight
Marc Witteman shares his thoughts on the latest developments in secure Post Quantum Crypto
My journey at Riscure: Nicole Fern
Nicole Fern is a Senior Security Analyst at Riscure North America. In this role she works on both hardware and software projects, and is also involved in Riscure’s Training Academy as a trainer. ...
Security Highlight: ChatGPT vs Security Analyst
At Riscure, we like to explore new technologies that can help us better help our customers. Undoubtedly, the latest famous new applications are various versions of ChatGPT, a recently accessible ...
My journey at Riscure: Nisrine Jafri
Nisrine Jafri is a Senior Security Analyst and Evaluator at Riscure. After switching from academia to industry work 2 years ago, Nisrine has been mainly working on Certification projects at ...
Security Highlight: a look at Ascon, a lightweight crypto algorithm
The contest for standardization of a lightweight crypto (LWC) algorithm has just finished. US standards body NIST selected Ascon as the winner. Ascon is an algorithm proposed by an international ...
My journey at Riscure: Chris Berg
Chris Berg is a Security Analyst at Riscure. Chris joined us 2 years ago and he has already worked as a security analyst and evaluator on multiple large certification projects. In this ...
Security Highlight: Exploiting persistent faults in crypto
At the most recent CHES workshop, Hossein Hadipour of the Graz University of Technology presented an important step forward in exploiting persistent faults in crypto.