Orospor Insights
Field notes from the frontline
Examination integrity, secure infrastructure, cryptography, and cyber defense — direct, technical, and honest about what is solved and what is not.
Cyber Defense 6
The Next Web Server: Why the Market Is Still Open
Apache won on extensibility, Nginx on concurrency, LiteSpeed on PHP throughput. Each won by being decisively better at one thing. The next one wins on security — as architecture, not configuration.
Hardening WordPress Against Application-Layer DoS: The Complete Guide
Application-layer DoS does not exploit a bug — it abuses normal behaviour faster than your server can keep up. Here is the defense, layer by layer, from the CDN edge to PHP-FPM.
WordPress Search Is a DoS Vector Nobody Talks About
Everyone worries about the contact form. Meanwhile the search box — built into core, on by default, on 40% of the web — quietly exhausts both your PHP workers and your database.
167 Bytes That Take Down a WordPress Site
Most vulnerabilities need a PhD to understand. This one needs a 167-byte request, a $5 VPS, and the asymmetry between what an attacker sends and what your server does with it.
The Cloudflare Myth: "Behind Cloudflare" Is Not the Same as Safe
Being behind Cloudflare stops volumetric DDoS. It does almost nothing for an attack aimed at your PHP worker pool — because the CDN never even sees the problem.
Zero Trust for High-Stakes Platforms, in Plain Language
Zero trust got buried under vendor jargon. Stripped back, it is one stubborn idea: stop trusting things just because they are already inside your network.
Examination Integrity 10
Introducing OroStat: Rootkit-Resistant Exam Monitoring From Below the OS
A monitoring tool that asks the operating system what is running gets back exactly the answer a kernel rootkit wants it to hear. OroStat stops asking the OS — and watches from a layer the rootkit cannot reach.
Running a Remote Exam Candidates Can't Game: An Honest Checklist
Most "secure exam" checklists are written by the vendors selling the boxes you tick. Here is a candid one — what stops cheating, what only looks like it does, and where to spend.
Exam Fraud Is Not a Technical Problem. It Is an Ecosystem Problem.
Detection technology is necessary but not sufficient. Why stopping organised exam fraud also needs credible consequences, shared intelligence, real legal frameworks, and better exam design.
Browser Lockdown Is Not Enough (and Never Really Was)
Lockdown browsers were built to stop a candidate opening a new tab. The threat moved on. Here is why locking the browser misses where modern exam cheating actually happens.
The Fingerprint That Exam Fraud Leaves Behind
Organised exam fraud depends on a small pool of expert solvers — and people leave patterns. How cross-session analysis turns that constraint into a detection mechanism that gets stronger over time.
What the Proctor Actually Sees — and What They Never Will
A human proctor watching a grid of video feeds is doing a harder job than most people assume. Here is what that job can realistically catch, and what is simply out of frame.
Designing Exams That Resist AI Without Punishing Honest Students
You cannot out-monitor a tool that fits answers into the gaps of a webcam feed. But you can design assessments where a looked-up answer is worth surprisingly little.
Why Remote Proctoring Cannot See What It Needs to See
Every proctoring tool built on screen sharing is blind to a whole category of cheating — by design. A plain-English explanation of the architectural limitation, and the only way around it.
The Exam Is Over. The Cheating Just Got Smarter.
A new generation of AI exam-assistance tools hides answers in plain sight — invisible to every proctoring product built on screen sharing. Here is how the arms race actually works.
The Real Cost of a Compromised Certification
A single fraudulent pass rarely makes the news. The damage is slower and bigger: every credential you have ever issued becomes a little less believable.
Cryptography & Privacy 2
Post-Quantum Cryptography for Exam Delivery: Why Bother Now
No quantum computer can break today's encryption today. So why are serious teams already migrating? Because the data you protect now is being recorded for later.
Identity Verification Without the Creepy Surveillance
Confirming a candidate is who they claim to be does not require harvesting their biometrics forever. The privacy-invasive version is often the lazy one, not the secure one.
Engineering 2
Open Source as a Trust Strategy, Not a Cost-Saving
Most companies open-source code to save money or attract contributors. For integrity software, there is a stronger reason: a claim no one can independently check is just marketing.
Exam Infrastructure That Doesn't Fall Over on Results Day
The hardest moment for an exam platform is not a quiet Tuesday. It is the synchronised stampede when thousands of candidates start the same high-stakes test at 9am.
Have a high-stakes platform to protect?
From examination integrity to application-layer defense, our team builds and hardens systems that cannot afford to fail.