Web Application Security

Overview

Web Applications are the dominate form of how most of us interact with data. From the early days of the world-wide-web where it was a read-only view of data we have evolved to highly dynamic 2-way real-time views of everything we hold dear.

Securing a web application is complex owing to the many risks. And, it is certainly an area many sites can improve.

https://www.youtube.com/watch?v=pKlN2tp4mvs

Web Application Security 101 (https://www.youtube.com/watch?v=pKlN2tp4mvs)

Re-Using your Multi-Factor Authentication To Prove Humanity

Don Bowman 2021-05-16 web app security

Spam. The cat and mouse game of advertisers seeking to reach more people for less cost, and, people seeking to spend more to not be reached. The current state of the art in proving “I am not a spam-sending robot” is the …

Angular Content-Security-Policy Complex Nonce: Google Tag Manager

Don Bowman 2021-02-07 Defense-In-Depth, web app security

Content-Security-Policy protects our application, but challenging with external scripts like Google Tag Manager. We show in Angular Single Page Application.

Let’s Encrypt X3 to R3 and Certificate Transparency Logs

Don Bowman 2021-01-16 web app security

Certificate Transparency Logs in SSL can be a useful diagnostic tool as well as a security forensic.

OAuth 2.0 Protected Resource Threats

Don Bowman 2021-01-14 Zero-Trust Network Access, web app security

The OAuth 2.0 protected resource. It takes the access token and uses it to grant access. Watch out for it becoming compromised.

OAuth 2.0 Refresh Token Threats

Don Bowman 2021-01-13 Zero-Trust Network Access, web app security

OAuth 2.0 refresh tokens are used to obtain new access tokens on the user’s behalf. If lost, they can allow an attacker to masquerade.

OAuth 2.0 Token Endpoint Threats

Don Bowman 2021-01-12 Zero-Trust Network Access, web app security

The OAuth 2.0 Token Endpoint. Its were authorisation becomes real. Secure it to prevent guessing