/ Recent content on MaTTeo's Dlog Hugo -- gohugo.io en Sat, 18 Mar 2023 00:00:00 +0000 /blog/shift-everywhere/ Sat, 18 Mar 2023 00:00:00 +0000 /blog/shift-everywhere/ Shift Left? Shift Everywhere! The notion of shifting left has been a best practice by application security practitioners, devOps engineers, and application security tool vendors for a long time. Shift Left is a term used to reflect the practice of identifying weaknesses and vulnerabilities as quickly as possible, while minimizing development friction. The advantage to identifying issues early on, results in better security, agility, and cost efficiencies. Left Until You Cannot Shift Left is accomplished by utilizing secure code analysis tools, trained secure developers, and automation to provide feedback at the speed of DevOps. /blog/opensource-security-tools-across-the-devops-lifecycle/ Sun, 20 Feb 2022 00:00:00 +0000 /blog/opensource-security-tools-across-the-devops-lifecycle/ Introduction Q: Is it possible for a commercial enterprise to implement an application security program with only opensource tools? A: tl;dr – Yes, it’s possible! Oftentimes organizations face a lack of funding to implement a commercial, “turnkey” application security solution. As an alternative, it might be worth evaluating opensource solutions. It’s important to note the term opensource comes with the understanding that many “free” application security tools are not “free” for commercial use. /blog/whitepaper-grt/ Sun, 15 Aug 2021 00:00:00 +0000 /blog/whitepaper-grt/ Premise Searching for meaningful information from blockchain data and decentralized storage (IPFS) is extremely difficult. To begin, data stored on a blockchain is transactional and based sequentially upon when the transaction was added to the chain. A traditional database is relational but blockchains are not. Imagine having to search thru every block beginning with the genesis block to the most recent to find what you are looking for. It will not only be slow, but the amount of processing and transformation into something meaningful is cumbersome and requires that you do it all yourself. /blog/nft-security/ Mon, 28 Jun 2021 00:00:00 +0000 /blog/nft-security/ What is an NFT? NFT stands for NonFungible Token. Think of it as a digital record which has been minted (created) on a blockchain. Meaning, the file represents “something” that has been recorded on a blockchain. It is very unlikely the NFT itself is stored on a blockchain, rather the transaction details and a reference to the actual NFT location are stored on the blockchain. There are many potential “gotcha’s” associated with NFT’s. /blog/starting-application-security-program/ Wed, 12 May 2021 00:00:00 +0000 /blog/starting-application-security-program/ Originally, I authored this article for the Veracode Community Website. I’ve Got the AppSec Tools, Now What? An article for the Veracode Community: Fantastic! Your org has purchased shiny new products that will seriously up your game against those pesky adversaries and take a bite out of risk. Often, the first question asked after such a purchase is, “now what?” The purpose of this article is to provide some thought provoking tips aimed to keep AppSec moving along. /blog/whitepaper-eos/ Sun, 11 Apr 2021 00:00:00 +0000 /blog/whitepaper-eos/ Premise The EOSIO blockchain is utilized by several decentralized projects. Understanding the permissioning capabilities of the platform will help to gain an understanding of not only the EOSIO platform, but also how permissioned blockchains differ from fully permissionless blockchains. EOSIO Value Proposition EOSIO is a platform for building and vertically scaling decentralized applications (dApps). EOSIO creates an operating-system-like platform from which dApps can be built and maintained. EOSIO considers authorization, RAM storage, database, and asynchronous communication clusters scaling to millions of transactions per second. /blog/decentralized-web-blog-dlog/ Thu, 11 Mar 2021 00:00:00 +0000 /blog/decentralized-web-blog-dlog/ The article answers the question of “what exactly is a “Dlog”? No this is not a typo. Blogs are so Web2. A Dlog, is a concatenation of Decentralized and Blog. Wow! Real original. What is interesting is that at the time of this writing Googling Dlog did not return anything remotely close to a distributed or decentralized web log. As far as I know, this is the first documented use of Dlog in the web3 context. /about/ Sun, 28 Feb 2021 00:00:00 +0000 /about/ Podcasts I listen to often ask their guests to provide an “origin” story about their background and experiences that led up to their current field of work or interest. Here is mine … I became fascinated with the internet in the mid 90’s when I realized it would transform the world. After purchasing my first “real” computer, I began learning as much as I could. BTW, “first real” computer to me a is a computing device with a hard drive, and modem. /blog/first/ Mon, 28 Dec 2020 00:00:00 +0000 /blog/first/ Through the Looking Dapps Figuring out IPFS and Web3 Hello IPFS! I just created a very simple page using IPFS. Like all well-intentioned, beginner bloggers ... more to come! Navigation can be tricky in IPFS. You must have an understanding of Merkel Trees because changing will result in a changed CID. Also, it is important to make a blog that will run on both the IPFS protocol and legacy https. /contact/ Mon, 01 Jan 0001 00:00:00 +0000 /contact/ The world of Web3 is diverse, changing, and fascinating! Tell me what you think about it.