Spam. The cat and mouse game of advertisers seeking to reach more people for less cost, and, people seeking to spend more to not be reached. The current state of the art in proving “I am not a spam-sending robot” is the captcha. Do you love the captcha? Me neither. Do you sometimes fail it? Me too!
web app security
Web-Applications are the future. Any device, any location. Security principles are different, threats are new, but overall its simpler and better.
Content-Security-Policy protects our application, but challenging with external scripts like Google Tag Manager. We show in Angular Single Page Application.
OAuth 2.0 has simplified authentication and authorisation for many applications, shifting from custom code to simple library import. However, as more applications come to rely on it, this makes its weaknesses more interesting. An attacker can gain access to a broader set of data via a smaller set of tactics and techniques. First lets understand the threat areas, and then, the best current practices for addressing them.
Access your on-premise Kronos from any user, from any device, from any network. Increased security, increased simplicity. Zero Trust Networking.
Many API’s, Agilicus’ included, use OpenAPI to specify how they function. Authentication of these is usually left out of scope, but, provided as a bearer token. This means that if you write a web application, you want to directly use the RESTful API’s, and you do so by first authenticating via OpenID Connect PKCE flow and remembering the access token.
Your corporate firewall. That invulnerable bastion that lets you fearlessly run less-than-secure internal tools like a CRM, a Finance portal. But, is it really invulnerable? Or is it a paper wall at best? We look at how Cross-Site-Scripting vulnerabilities, known session ID cookies or access tokens can allow content from the world to pierce it as if it were not there. We do this using the weakest link: you.
My personal site had a permissive content-security-policy. This allowed malicious adware injectors to grafitti it up. I fixed mine, fix yours today.
Your basement is full of servers running Microsoft IIS with .NET applications, chatting with local databases. You’ve read casually online about Cloud Native, Kubernetes, Containers, Docker. But this doesn’t apply to you, right? I mean, maybe in the future for new things,… Read More »Free Your Applications: Ditch the IIS, Move Your .NET Apps To the Cloud. Safely. Securely. Simply
Use your desktop chrome to find software with security flaws on the sites you visit. And then fix (if your own) or notify (if not). Be part of the security solution.
Let’s Encrypt. It makes it simple and free to have decent TLS security.
But the staging environment intermediate cert is (rightly) not trusted. How can you safely use this? Find out!