Here at Tozny, we have a passion for educating the technical community about encryption, privacy, and cybersecurity. In these series of guides, you will find in-depth information about some of the most important topics and decisions facing your company and your users. For a personalized and in-depth review of your specific needs, schedule a consultation with our cryptography experts.
Encryption For Developers
If you write software for a living and you need to add encryption capabilities to your server, application, or website, you’ve come to the right place. This series of articles will guide you through the most critical decisions you will need to make. Avoid the most common pitfalls and follow the narrow path to success!
- Encryption for Developers: Introduction and Overview
- Why Encrypt Data in an Application? Save money in a data breach
- Cryptographic access control for true policy enforcement
- Encryption is Hard for Developers to Get Right
- Encryption Core Concepts: Adding Crypto to your System
- Strong attackers: Planning for the Adversary
- End-to-end encryption is the gold standard: Why HTTPS is not enough
- Key Management Should Be Designed First Not Last
End-to-end Encryption
End-to-end is the strongest level of encryption. Secure your email, messages, files and secrets. These end-user appropriate tools will take you to the next level for personal and corporate security.
- Introduction and Overview
- End-to-end encryption vs. HTTPS – Why HTTPS is not enough
- Secrets Management
- Secure Email
- File Storage
- Messaging and Chat
How to get Encryption Right
Various articles about improving encryption in the application, for authentication, and for HTTPS.
- Encryption is hard to get right – Even harder than it seems
- Can I Use Intel’s SGX for Secure Computation in the Cloud Yet?
- Making Browser Crypto Safe for the Modern Web
- Encrypting strings in Android: Let’s make better mistakes
- Secure Authentication with Libsodium
- GoDaddy’s SSL certs don’t work in Java: The right solution
Privacy
Encryption isn’t just about security. The use of encryption for protection of user privacy is increasingly common.
- 10 Unnerving Privacy Fails Thru Data Aggregation
- A brief history of encryption and privacy
- Using Personal Data Services for Protection and Privacy
Encryption Tools for DevOps
A few highlights for the best tools in DevOps for managing secure data and secrets.
Encrypt Everything
Encrypt is hard to use, for both end users and more technical folks. This guide will walk you through encryption of data in transit and at rest in for your personal and corporate assets.
Security for Small Business
Small businesses are often the target of advanced cyber attacks. Why? Because your customer, your cash in the bank, and your intellectual property make the return on investment worthwhile. From regulatory compliance to application integrity and cryptography, these are the modern approaches to cybersecurity.
- Introduction and Overview
- Critical Crypto
- Security Checklist
- Regulatory Compliance
- Application Integrity
- Secure Architecture
- Insider Threats
- The tension between Agile, MVPs, and Security
Identity Management with SimpleSAMLphp
SimpleSAMLphp is a very widely deployed tool for identity management, single sign-on, and social login. Configuring it is an art, though. Read on for more information.
- Introduction and Overview
- SimpleSAMLphp Quick Start
- SimpleSAMLphp as an IDP for Office365
- SimpleSAMLphp as an IDP for Google’s G-Suite
- SimpleSAMLphp Integration with Tozny Authentication
Tozny’s Encryption Toolkit: TozStore
TozStore provides application-level encryption, which secures your data for its entire life-cycle. Data gets encrypted where it is generated (written) and decrypted where it is consumed (read), providing end-to-end encryption. The following articles provide an overview of TozStore and its capabilities.
- TozStore: End-to-end encryption toolkit for stored JSON or unstructured data
- Documentation for developers to integrate secure storage and data sharing into your app
- Quick Start for getting your environment set up
- Core Concepts for of the system