How Regular Pentesting Helps Maintain SOC 2 Compliance

Breaches that could have been prevented with pentesting. Achieving SOC 2 compliance is a big deal. It shows your clients that you take data security seriously. But getting certified is just the first step. Maintaining compliance and securing your systems requires ongoing effort, so SOC 2 pentesting is vital. Think of SOC 2 compliance as …

SecureDrop Security Audit by 7ASecurity

About SecureDrop: SecureDrop is an open source whistleblower submission system that media organizations and NGOs can install to accept anonymous, secure documents from sources. It receives documents via the Tor network (a distributed network of relays that help protect users’ privacy), records only the date and time of the transfer, and enables recipients to view submissions in its …

7ASecurity Completes LitmusChaos Audit

7ASecurity is proud to share the results of our security audit of LitmusChaos. LitmusChaos is an open source chaos engineering platform for a multitude of cloud platforms. With the help of the Open Source Technology Improvement Fund (OSTIF) and the Cloud Native Computing Foundation, this project can continue to provide secure chaos testing environments for …

7ASecurity Completes V2Ray Security Audit

About: V2Ray is a versatile network utility that provides a platform for building proxies to bypass network restrictions—enabling users to access the internet safely and privately in restricted contexts where surveillance and censorship are prevalent. In addition to being open source, V2Ray is designed with encryption and obfuscation functions that make it harder for surveillance forces …

7ASecurity Completes OpenTelemetry Audit

7ASecurity is proud to share the results of our security audit of OpenTelemetry. OpenTelemetry is an open source project for generating and collecting telemetry data for software analysis. With the help of the Open Source Technology Improvement Fund (OSTIF) and the Cloud Native Computing Foundation (CNCF), this project will experience strengthened security health as it moves to graduation status with the …

7ASecurity Completes CoverDrop Audit

About CoverDrop: Whistleblowers need a secure method to initiate contact and build trust with journalists. Existing tools often cater to later-stage correspondence, leaving crucial, early touch-points vulnerable to surveillance. In addition, many of these tools are difficult to find on newspaper websites, hard to use securely, and offer insufficient user guidance. After conducting workshops with …

7ASecurity Completes Opaque Security Audit

About Opaque: Opaque is a JavaScript package to allow secure password-based, client-server authentication without the server ever obtaining knowledge of the password. Audit Description: Through OTF’s Red Team Lab, 7ASecurity conducted a penetration test and whitebox security review of Opaque. A whitebox review is a form of application testing that provides the tester with complete knowledge of the application …

DEfO-2 OpenSSL HPKE PR Security Audit

DEfO is developing an implementation of the Encrypted ClientHello (ECH) mechanism for OpenSSL. This effectively closes a privacy loophole in the Transport Layer Security protocol. Project Overview: The DEfO project is developing an implementation of the encrypted ClientHello (ECH) mechanism for OpenSSL, which is a widely used library that provides an implementation of the Transport …