Collaborate Disseminate
Let’s assume we have REST API in which you accept GET and POST HTTP requests without the ability to execute files.
Is it possible to execute malware in this scenario?
Would there be any justifiable benefit of malware scanning of such endp… Continue reading Is malware a threat vector for REST APIs?
I’m looking to setup an integration between GitHub and Service Now and I can use OAuth2 using JWT Tokens, the steps to take can be found here.
There is a specific step that states:
Create a CA signed certificate using the GitHub App priva… Continue reading Implications of using a self-signed certificate to sign JWT tokens in OAuth
I’m trying to understand the different between disk encryption and volume encryption, more specifically as it relates to SAP HANA, link here.
From my understanding Disk Encryption prevents the threat where someone physically disks your ser… Continue reading Difference between Disk Encryption and Volume Encryption?
It seems when SQL TDE is implemented certificates are used to protect the keys used to encrypt the data. What would be the benefits of using a CA signed certificate in this scenario over a self-signed certificate?
Continue reading SQL TDE – Benefits of using CA Signed Certificates over Self-Signed Certificates
My organisation mandated that Windows Domain Service accounts internally should not have the “Allow log on locally” permission, and essentially be non-interactive.
What exactly is the potential risk for enabling this policy for a service … Continue reading Risk around "Allow log on locally" for Domain Service Accounts
In the scenario where “Application A” wants to communicate with “Application B” over an API (HTTPS), I want to ensure mutual authentication is implemented. Meaning that “A” should authenticate “B” before it authenticates itself. A CA signe… Continue reading Does TLS provide server authentication by default?
I’m looking into implementation of SOAP API’s and understanding the security of these when using utilizing them on internet facing endpoints.
Regarding the security of data sent to these API’s, from research it seems two common options ar… Continue reading Do you need TLS when using WS-Security?
Mutual authentication between application interfaces are mandated in my place of work.
We are looking to implement a vendor provided software where they are installing two “components” on a single Windows Server. One is an A… Continue reading Implementing mutual authentication between two components on the same server
Trying to get a clear understanding of what makes a AD domain service account non-interactive and how this is done?
I require a service e account with “logon as a service” and “logon as a batch” for a service account on a I… Continue reading What is a non-interactive service account? [migrated]