Collaborate Disseminate
In this Help Net Security interview, Jean-Charles Chemin, CEO of Legapass, provides insight into the correlation between maintaining customer trust and protecting sensitive customer data. He emphasizes how a data privacy vault can reinforce customer tr… Continue reading Data privacy vault: Securing sensitive data while navigating regulatory demands
I am trying to secure automatic infrastructure provisioning but I am having a hard time designing a proper access policy that would not create a single point of failure (I tried and failed about a year ago already).
How best to design a pe… Continue reading Permission model for automated infrastructure provisioning
Let’s say I have an e-commerce organization. My organization has two security authorities A and B. The authority A manages access to data related to user orders, and the authority B manages access to data related to user payments.
My organ… Continue reading CVSS3 Scope change question
I would like to know if it is possible, and if it is, how can be seen the ACL (Access Control List) associated to a file in a MacOS context, using command line (not using the GUI "File Information" tab, I mean).
In AWS Cognito we could define a role/permissions as a custom attribute in the user pool, but we could have a User table and a caching database and fetch roles each time the user does a request.
Of course, the first approach avoids an unne… Continue reading Is there a problem to store user permissions in the database instead of in a external auth service?
Access control has become a main concern when it comes to developing secure web applications, and the NSA has a lot to say about it. Especially when it comes to the biggest access management pitfall developers make. In 2021 OWASP listed ‘Broken Access … Continue reading 5 steps to building NSA-level access control for your app
I’m developing a HTTP web server. I’ve used HTTPS as the protocol between client and server but I know that HTTPS can’t prevent parameter tampering.
As we know, we can set parameters in URL, in HTTP header or in HTTP body. So clients could… Continue reading What is a proper way to prevent parameter tampering and to make parameter secure
As per the title. What risks and controls should I consider? Are there any questions i need to ask the external party AD before setting up the ‘Trust’ between the 2 ADs?
Logged failed logins into a company’s Okta domain could be used by threat actors to discover access credentials of valid accounts, Mitiga researchers have found. Those credentials can then be used log in to any of the organization’s platforms tha… Continue reading A common user mistake can lead to compromised Okta login credentials
Suppose I have an Admin account and a normal user account. There is some functionality that is only accessible to the admin only, like promoting other users. In this scenario, I captured a request from the admin when the admin is promoting… Continue reading Is this considered Privilege Escalation?