Blockchain 101 – A Visual Demo

This is a very basic visual introduction to the concept behind a blockchain.  Anders Brownworth  introduces the idea of an immutable ledger using an interactive web demo. If you are interested in playing with this on your own, it is available online at:

The code that runs this demo is also on GitHub:


What is the Blockchain

What is the blockchain? If you don’t know, you should; if you do, chances are you still need some clarification on how it actually works. Don Tapscott is here to help, demystifying this world-changing, trust-building technology which, he says, represents nothing less than the second generation of the internet and holds the potential to transform money, business, government and society.

The Future of Financial Institutions: An ambitious look at how blockchain can reshape financial services by the World Economic Forum


The World Economic Forum’s analysis has yielded six key findings regarding the implications of distributed ledger technology (DLT) on the future of financial services:

  1. DLT has great potential to drive simplicity and efficiency through the establishment of new financial services infrastructure and processes.
  2. DLT is not a panacea; instead it should be viewed as one of many technologies that will form the foundation of next generation financial services infrastructure.
  3. Applications of DLT will differ by use case, each leveraging the technology in different ways for a diverse range of benefits.
  4. Digital Identity is a critical enabler to broaden applications to new verticals; Digital Fiat (legal tender), along with other emerging capabilities, has the ability to amplify benefits.
  5. The most impactful DLT applications will require deep collaboration between incumbents, innovators and regulators, adding complexity and delaying implementation.
  6. New financial services infrastructure built on DLT will redraw processes and call into question orthodoxies that are foundation to today’s business models.



The analyzed business use case are: a) Payments; b) Insurance; 3)  Deposits and Lending; 4) Capital Raising; 5) Investment Management; and 5) Market Provisioning.

These key findings are explored in depth in the The future of financial infrastructure  report, based on the use case deep-dives conducted across financial services.


Agile (and its surrogates) vs. Waterfall Methodologies

The most prominent methods in developing software are Agile and Waterfall methodologies.

Waterfall methodology

Your project is worked following the Waterfall methodology when the eight project phases  (conception, initiation, analysis, design, construction, testing, implementation, and maintenance) have to be completed before the commencement of the development phase.


1. You know what to expect at the end of the project, in terms of sizing, costs and timeline.

2. Minimal impact in the event of high turnover thanks to the detailed documentation.


1. No changes are allowed when a task is completed, even if the initial requirements were faulty.

2. The testing phase is only done at the end, hence bugs are only discovered too late and a new code needs to be written from scratch.

3. The plan would not take into account the evolving clients’ need.


Agile Methodology

Agile is a framework for developing and sustaining complex products that follows an incremental rather than a sequential design process approach.

Development work focus on launching a Minimum Valuable Product  – from a end-user point of view – then by enhancing the MVP incrementally by working on flexible modules. The work on these modules is done in weekly or monthly iterations, and at the end of each iteration, project priorities are evaluated and tests are run. These iterations allow for bugs to be discovered, and customer feedback to be incorporated into the design before the next sprint is run.



1. It allows for changes to be made after the initial planning, but prior to the commencement of the spring/iteration period.

2. It allows the user’s feedback to be incorporated in the process by modifying the features in the backlog accordingly.

3. The testing is performed at the end of each iteration ensuring bugs are captured and fixed within the development cycle.


1. You  don’t know what to expect at the end of the project, in terms of sizing, costs and timeline.

Scrum vs. Kanban

Scrum and Kanban in software development are specific form of an agile software methodology.

Scrum is a framework that leverages team commitment as change agent, whilst kanban is a less structured model for introducing change through incremental improvements.





Mobile Web App vs. Native App

Design For specific devices No device-optimized Good for the device it is running in
Graphics Native APIs HTML, Canvas, SVG HTML, Canvas, SVG
Performance Fast, reliable, responsive design Slow Slow
Native Look and Fell Native Emulated Emulated
Distribution AppStore Distribution Web AppStore Distribution
Experience Consistent with the platform look and fell Browser based user experience UI browser elements might not be aligned to native UI elements
Camera Yes No Yes
Notifications Yes – Push Notification No Yes
Contact, calendars Yes No Yes
Offline storage Secure file storage Shared SQL Secure file storage, Shared SQL
Geolocation Yes No Yes
Swipe Yes Yes Yes
Pinch, spread Yes No Yes
Connectivity Online and Offline Mostly Online Online and offline
Development Skills C, Java, .Net HTML 5, CSS, Java Scripts HTML 5, CSS, Java Scripts
Launch Slow time to market Fast to market Mediun time to market
Update Mediun time to market Instant Update Mediun time to market

Mobile CyberSecurity: Quick Access sheet

This post is created to provide a concise collection of resources on specific web application security topics.

OWASP Mobile Top 10 2016 Proposed List

M1 – Improper Platform Usage This category covers misuse of a platform feature or failure to use platform security controls. It might include Android intents, platform permissions, misuse of Touch-ID, the Key-chain, or some other security control that is part of the mobile operating system.
M2 – Insecure Data Storage This new category is a combination of M2 + M4 from Mobile top 10 2014. This covers insecure data storage and unintended data leakage.
M3 – Insecure Communications This covers poor handshaking, incorrect SSL versions, weak negotiation, clear-text communication of sensitive assets, etc…
M4 – Insecure Authentication This category captures notions of authenticating the end user or bad session management. This can include: (1) Failing to identify the user at all when that should be required. (2) Failure to maintain the user’s identity when it is required. (3) Weakness in session management.
M5 – Insufficient Cryptography The code applies cryptography to a sensitive information asset. However, the cryptography is insufficient in some way.
M6 – Insecure Authorization This is a category to capture any failures in authorization (e.g. authorization decision in the client side, forces browsing, etc…). It is distinct from authentication issue (e.g. device enrollment, user identification, etc…). If the app does not authenticate the users at all in a situation where it should (e.g. granting anonymous access to some resources or services when authenticated and authored access is required) then that should be authenticated failure not authorization failure.
M7 – Client Code Quality This was the “the security decision via the untrusted inputs”, one of OWASP lesser used category. This would be the catch-all for code-level implementation problems in the mobile clients.
M8 – Code Tampering This category covers binary patching, local resource modification, method hooking, method swizzling, and dynamic memory modification.
M9 – Reverse Engineering This category includes analysis of the final code binary to determine its source code, libraries, algorithms, and other assets.
M10 – Extraneous Functionality Often, developers include hidden backdoor functionality or other internal development security controls that are not intended to be released into a production environment.

Top Mobile Scanning tools

Portswigger – Burp





Additional resources


ENISA – European Union Agency for Network and Information Security – IoT and smart infrastructures.



HTTP Status Code


Agile Software Development: the Artifacts

Scrum is a framework for developing complex products. It is an interactive, incremental approach to optimize predictability and control risk.

The Scrum Artifacts

Scrum artifacts are tangible by-products produced during the product development. These artifacts consist of the requirements for the overall project, and each individual phase of the project itself.


The product backlog is an evolving, dynamic and ranked list of requirements that might be needed to made the product. The product owner is responsible for the product backlog, including its content, and ranking.

The product backlog lists all features, functions, requirements, enhancement and fixes that constitute the changes to be made to the product in future releases. In agile terminology, the product backlog item are called user stories.

The user stories are the smallest units of work, and its goal is to delivered customer’s value at the end of the iteration. A good user story should be:

Letter Meaning Description
I Independent The user story should be self-contained, so that there is not a dependency with another story
N Negotiable User stories, up until the start of the iteration, can be rewritten and re-ranked.
V Valuable A user story must deliver value to the end user
E Estimable The story is precise and concise so that the development team can estimate it.
S Small The user story development should conclude at the end of the iteration.
T Testable The user story and/or its related description must provide the necessary information to make test development possible.


Epics are feature-level work that encompasses many user stories. Epics are:

  • A Group of related user stories.
  • They use the same wording and format as the user story:
    • Short description;
    • Acceptance criteria;
    • Estimate.
  •  Should not be worked on directly.
  • Can be considered a project.
  • its works can spam more than one release and encompasses more than one product.

The Epic is typically used to monitor and track the development work toward the close proximity of the product release/launch.


Themes are feature-level work that encompasses many epics. They are:

  • A Group of related Epics.
  • They use the same wording and format as the Epics:
    • Short description;
    • Acceptance criteria;
    • Estimate.
  •  It’s a tracking tool to monitor the overall direction.
  • It’s considered as a Portfolio.
  • It is also called an Adventure.

The Theme is typically used to discuss with the CEO and board members for tracking the overall strategy direction.


Design your first Usability Test

Participants and Sample Size

“5 users will uncover approximately 80% of all usability problems”

– Nielsen Norman Group

Sample Size & Reliability

The more people find the same problem, the more reliable the data set becomes.

Multiple Rounds of Testing

Multiple round of testing on 5 different users covers more issues than a single round of testing with the same number of users.

User 1 User 6 User 11 User 1 User 9
User 2 User 7 User 12 User 2 User 10
User 3 User 8 User 13 > User 3 User 11
User 4 User 9 User 14 User 4 User 12
User 5 User 10 User 15 User 5 User 13
User 6 User 14
User 7 User 15




User 8 User 16
of issues of remaining issues of remaining issues


of issues


Selecting the right people

You need to select the participants based on the following criteria:

  1. User Profiles
  2. Personas
  3. General Data about your User base

and factors:

  1. The users understanding of the product.
  2. The Familiarity with the Product or Type of Product.
  3. Amount of overall Experience

And Recruiting criteria:

  1. Sample Size – how many people can you effort to bring in to test.
  2. Characteristics of the user – about the criteria being defined.
  3. Number of Participants for Each Personas or Characteristics.





Quick simple functions Provide the partecipant context and direction
Easily completed without any background information given Set the stage, tell the story
Find the Search button Increase overall understanding
Where would one go to out information about specific terms Help the user apply the situation to themselves
Give them an action to perform


Usability Scenarios

  1. Uses the vocabulary that the participant uses.
  2. The actions are clear and precise.
  3. Provides all the details needed to complete the goal.
  4. Does not provide steps and definitely does not give away the answer.
  5. You would like to buy a car, you would like to lease it for 36 months term with 1500 down. How would you do this?

Rating your results

a. Easy or under a minute to find/answer – – – —2 points

b. Difficult, takes 1-2 minutes to find/answer —-1 point

c. Fail, takes over 2 minutes to find/answer ——0 point