Security

🔥 Featured Posts

How to Block ECH and Mitigate DoH in Enterprise Networks

A hands-on guide using dnsmasq to filter SVCB and HTTPS records for disabling ECH and enforcing central DNS policies. Notes that DoH requires separate network-layer policies.

Review of Citrix Security Policy Effectiveness

Citrix administrators apply security policies to each user’s VDI (Virtual Desktop Infrastructure) through Citrix Group Policy. However, certain structural vulnerabilities in Citrix CSE (Citrix Service Engine) and the Citrix VDI Agent allow for potential bypassing of these security policies.

Security threats and mitigation strategies for java reflection

The **Java Reflection API** is a powerful tool that allows dynamic manipulation of classes, methods, and interfaces at runtime. However, due to its flexibility, it introduces significant security risks, as attackers can exploit it to gain unauthorized access to systems. In this article, we will explore the security threats posed by Java Reflection and outline strategies to mitigate these risks.

Is Your Data in the Cat's Paws?

The 2025 KakaoPay case exposed the limits of formal consent and self-regulation. Data democracy must be achieved through AI-based DPIA verification and civic oversight.

There’s No Such Thing as a Free Lunch, But Security Was Free

The global security community has depended on CVE for decades without ever paying a dime. As the system nears collapse, it’s time to ask who should bear the cost of public cybersecurity infrastructure.

Common Security Myths Developers Tell Themselves

This article breaks down common developer security myths—responsibility deflection, overconfidence in technology, and security underestimation—and offers realistic countermeasures.

Can Development Culture Influence Security Levels?

Can Development Culture Influence Security Levels? Evaluating Code Quality and Security Levels Using Static Analysis Tools (Joern) Background Unlike companies like Google with an open and collaborative development culture, in some organizations that lack such culture, the quality of the code, including security levels, can be heavily influenced by the individual’s capability. In particular, developers who tend to write poor quality code, such as using the strcpy function, can have their code quality and security levels assessed by utilizing static analysis tools (Joern, CodeQL, etc.) with custom rules. As a result, even in situations where the development culture is lacking, code quality and security levels can be improved, leading to the production of good-quality code. ...