Project Zero News and updates from the Project Zero team at Google
Git Secret Scanner - Analysis of GitHub, GitLab and BitBucket reports for accedential security commits.
Security Best Practices: Symmetric Encryption with AES in Java and Android - Advanced Encryption Standard (AES), common block modes, why you need padding and initialization vectors and how to protect your data against modification with avoiding most security issues.
BeyondCorp - A New Approach to Enterprise Security - Virtually every company today uses firewalls to enforce perimeter security. However, this security model is problematic because, when that perimeter is breached, an attacker has relatively easy access to a company’s privileged intranet. As companies adopt mobile and cloud technologies, the perimeter is becoming increasingly difficult to enforce. Google is taking a different approach to network security. We are removing the requirement for a privileged intranet and moving our corporate applications to the Internet.
BeyondCorp - Design to Deployment at Google - Unlike the conventional perimeter security model, BeyondCorp doesn’t gate access to services and tools based on a user’s physical location or the originating network; instead, access policies are based on information about a device, its state, and its associated user.