Break&Build Security – Medium

Break&Build Security

Break&Build Security

OWASP Global AppSec Dublin 2023

I gave my talk about [T]OTP brute forcing in OWASP Global AppSec Dublin in February 2023, I had given a similar talk in DEFCON 2022, and…

2 min readFeb 28, 2023

--

OWASP Global AppSec Dublin 2023

--

Break&Build Security

DEFCON30: AES GCM common pitfalls and how to work around them

I wanted to share one of the talks I gave at DEFCON30, 2022, “AES GCM common pitfalls and how to work around them”. It was presented live…

1 min readAug 24, 2022

--

--

Break&Build Security

Patent: “Verifying incoming communications”

I’m happy to announce the patent I co-wrote as lead inventor along with Lucas Vidal, and Serge Kruppa is finally published.

3 min readJul 30, 2022

--

Patent: “Verifying incoming communications”

--

Break&Build Security

Fixing vulnerabilities in WAF is OK, right?

A few weeks ago I had a discussion with a Principal Software Engineer on the best strategy to patch a vulnerability, they insisted on WAF…

6 min readMay 3, 2022

--

1

Fixing vulnerabilities in WAF is OK, right?

--

1

Break&Build Security
in
System Weakness

Defeating OTP through probabilistic attacks and how to mitigate

You likely receive OTPs (one-time-passwords) all the time, usually in the form of an SMS with a 4 to 8 digit code in it. Pretty common when…

7 min readMar 21, 2022

--

Defeating OTP through probabilistic attacks and how to mitigate

--

Break&Build Security

Moving to Medium (for now)

After many years of blogging in Blogspot, I’m finally moving out of it. It didn’t feel like a modern platform anymore (for a long time…

1 min readMar 21, 2022

--

--

Break&Build Security

Break&Build Security

https://www.linkedin.com/in/santikanto/ I’m Santiago Kantorowicz, Staff Security Engineer @ Twilio. Passionate CyberSecurity.

Help
Status
About
Careers
Blog
Privacy
Terms
Text to speech
Teams