Latest opinions that Pavlo Farb has shared on Finextra

Join the Community

22,024

Expert opinions

44,216

Total members

425

New members (last 30 days)

171

New opinions (last 30 days)

28,678

Total comments

Join Sign in

Pavlo Farb

Security Engineer

Cossack Labs

Member since

11 Jun 2021

Location

London

View Pavlo Farb's full profile

Pavlo's opinions

Security audit of smart contracts: verifying DeFi

Once deployed, a lot of smart contracts cannot be easily changed. So, it would be wise to take a close look at potential weaknesses, exploits, and built-in mitigations when it’s not too late for changes. But look beyond the code. Smart contracts are immutable pieces of code that perform certain operations in blockchain networks or link different bl...

13 December 2022 /security /crypto DeFi

Application security in cryptocurrency ecosystem

You can often hear from me and my colleagues security engineers about the defense in depth approach to protecting the user data. Does this mean putting as many tools and security controls in your code or system as the whole market suggests? By no means. When speaking about defence in depth we mean that carefully chosen tools, controls, security po...

07 June 2022 /security /crypto Fintech

Field level encryption and apps’ re-engineering

One of the most common concerns security engineers hear sounds like “field level encryption is awesome, but alas we can not afford it because we will need to completely rewrite the code and encryption will make everything slow”. I fully agree with the first part, field level encryption is awesome. As for the latter, literally, it could be transla...

04 May 2022 /security /regulation Fintech

Building data security in a cloud

Switching from traditional software engineering to building modern cloud apps requires multiple changes on several levels, with data-related security often mistakenly pushed to the margins. But in fact, even with all the brilliant cloud providers’ security options, you can't duck data protection issues in a cloud, you just face new priorities in...

12 April 2022 /security /cloud Fintech

Dousing the dependency hell in fintech apps

One of the most important things you can do to make your fintech apps more secure is to let your developer team go beyond coding and get involved in security design and security operations including dependency and vulnerability management. I start with this idea every time I’m asked to give some advice on data security issues in fintech since this...

05 April 2022 /security Fintech

Cryptocurrency wallets security

Data security is an extremely complex industry. Even the most cutting edge applications, like blockchain and cryptocurrency wallets, are subject to “boring” data security threats. Especially because in the cryptocurrency context reputation equals costs. To eat an elephant one bite at a time, let’s have a think about the first and foremost things t...

22 March 2022 /security /crypto Cryptocurrency Insights

Data security in fintech: from TLS to ALE

Recently, after reading a great engineering blog post on OCSP and CRL verifiers in Go, and after further discussion in the community, I’ve got an insight that made me really gloomy. Mass of projects use technologies without paying attention to their security holes. For instance, financial applications adopt TLS (transport layer security) protocol,...

21 February 2022 /security /payments Fintech

Community