7ASecurity completes CoverDrop Audit

About CoverDrop Whistleblowers need a secure method to initiate contact and build trust with journalists. Existing tools often cater to later-stage correspondence, leaving crucial, early touch-points vulnerable to surveillance. In addition, many of these tools are difficult to find on newspaper websites, hard to use securely, and offer insufficient user guidance. After conducting workshops with …

7ASecurity Completes Opaque Security Audit

About Opaque Opaque is a JavaScript package to allow secure password-based, client-server authentication without the server ever obtaining knowledge of the password.  Audit Description Through OTF’s Red Team Lab, 7ASecurity conducted a penetration test and whitebox security review of Opaque. A whitebox review is a form of application testing that provides the tester with complete knowledge of the application …

DEfO-2 OpenSSL HPKE PR Security Audit

DEfO is developing an implementation of the Encrypted ClientHello (ECH) mechanism for OpenSSL. This effectively closes a privacy loophole in the Transport Layer Security protocol. Project Overview The DEfO project is developing an implementation of the encrypted ClientHello (ECH) mechanism for OpenSSL, which is a widely used library that provides an implementation of the Transport …