Securely Logging & Tracing HTTP Requests in Go | zvelo

Securely Logging & Tracing HTTP Requests in Go

I was recently debugging a nasty issue in one of our backend services and needed to view the exact HTTP request & response being sent to an authentication server. Fortunately, Go’s standard library provides http.RoundTripper, httputil.DumpRequestOut & httputil.DumpResponse, which are great for dumping the exact out-bound request & the response. But since an authentication request contains credentials and a response contains a security token, it would have been insecure to record credentials & tokens in our logging systems. How could I securely exfiltrate the information I needed, while maintaining security and not requiring a whole lot of changes to my codebase or deployment environment?

devil's ivy

Devil’s Ivy Targets IoT Open Source Code Library

By Eric Watkins, Senior Malicious Detection Researcher at zvelo This week, a new security vulnerability subject to remote attack, known as Devil’s Ivy, is targeting the C++ library used by thousands of different IoT device vendors. The most popular devices being compromised are IoT video cameras; however, the associated risk is not limited to video…

EU-US Privacy Shield: New Framework for Translatlantic Data

EU Commission and United States agree on new framework for transatlantic data flows A new US/EU arrangement puts stronger regulations on companies in the U.S. to protect the personal data of Europeans and stronger monitoring and enforcement by the U.S. A few highlights that new arrangement will include: Strong obligations on companies handling Europeans’ personal…