Visual representation of a CAPTCHA showing the word ‘pump’ with distortions

Privacy Pass: The Revolution in CAPTCHA Mitigation and User Privacy

The traditional approach to human verification, CAPTCHAs, is facing significant challenges due to evolving bot technology and user dissatisfaction. These mechanisms, although once effective, are now becoming both inadequate and inconvenient, compromising security and posing privacy concerns. The emergence of Privacy Pass, a groundbreaking solution developed by Cloudflare, seeks to ... Read More
Screen capture of a username and password slog-on prompt

Understanding Identity and Access Management (IAM)

Identity and Access Management (IAM) is a critical component of cybersecurity, especially in business environments. IAM, in simple terms, is a framework of policies, practices and procedures to ensure that the right users have access to the right resources and systems at the right time. This article discusses IAM, its ... Read More

Opaque IDs: the ultimate protection against enumeration attacks

|
IDs in APIs and applications might be exploited to gain unauthorised access to other data or otherwise disclose information by means of various attacks, such as timing attacks and enumeration attacks. For instance, an attacker can use sequential IDs to guess the existence of IDs and perform enumeration attacks. Authenticated ... Read More
Screen capture showing a simple client-side rendered page

Progressively loading CSR pages

|
The principles of progressive enhancement can be applied to client-side rendered pages (or any pages with client-side scripts) to ensure that no matter the capabilities of users’ browsers, an appropriate baseline interactivity is present ... Read More

Effectively mitigating CSRF

|
Cross-Site Request Forgery (CSRF) is an attack in which an external site makes a request to another site on behalf of a user without consent. This attack often relies on an existing session on the target site, which the attacker hijacks for their own purposes. Various CSRF prevention and mitigation ... Read More

Apeleg join the W3C

|
Apeleg have become a W3C member. The World Wide Web Consortium (W3C) is one of the chief international standard organisations for the web. We plan on bringing our experience to the table to help produce high-quality standards and gain insights that can help us deliver even better services ... Read More
Screen capture with inspection tool showing an externally hosted image

Modern and robust hotlink protection in 2022

|
Hotlinking refers to the practice of third-party web properties loading resources directly from your server. Unauthorised hotlinks are generally undesirable, not only because they can facilitate reproducing your content without permission. Web standards and browsers have come a long way in the last few decades, and they now include all ... Read More
Components of a trusted platform

Types of Execution Environments, Attestation and SGX

|
Execution environments are the combination of hardware and software components that can be used to execute and support applications, typically comprising a processing unit, memory, input and output ports and an operating system. Because application execution requires an execution environment, applications are ultimately limited by any constraints placed onto them ... Read More

Benchmarking in C (for x86 and x64)

|
Benchmarks are extremely useful to see how performant some code or operation is and a requirement for any empirical decision making. After all, how can we know with any certainty if some library is faster than another one without testing? At its core, benchmarking is quite a simple idea we ... Read More

Smidyo × Apeleg = Vector Express

Apeleg have partnered with Smidyo in a joint venture to provide Vector Express. Vector Express is a SaaS platform that addresses and simplifies many common tasks when working with vector files. It can be used manually with the frontend at Vector Express or integrated with other systems with a flexible ... Read More