Collaborate Disseminate
With this year’s World Password Day upon us, it’s high time to take a good look at the critical infrastructure sector and the password-related security vulnerabilities that are in dire need of an update. While modern utility systems become increasingl… Continue reading Passwords a Threat to Public Infrastructure
I am comparing implementation complexity of JWS and Client Certificate and troubleshooting Client Certificate at the same time.
I understand that both methods require to prove that the certificate (x5c in JWS or the actual Client Certifica… Continue reading Verification of certificate trustworthiness (e.g. in JWS and Client Certificate)
After Experian fixed a weakness at a partner website that let anyone view credit scores for nearly every American by just inputting a name and address, questions remain about whether the same problem exists with other partners, and how widespread the … Continue reading Experian API Leaked Credit Scores
The COVID-19 pandemic has driven the world online in remarkable ways, forever changing the way we work, learn, and interact. The increased reliance on mobile applications is starkly apparent; mobile app usage grew 40% year-over-year in the second quar… Continue reading Research Shows Glaring Mobile App Security Issues
Happy second birthday to ZeroNorth! Today marks two years of our ongoing dedication to helping organizations build and…
The post ZeroNorth’s DevSecOps Platform Makes Another Journey Around the Sun! appeared first on ZeroNorth.
The post ZeroNorth’s DevS… Continue reading ZeroNorth’s DevSecOps Platform Makes Another Journey Around the Sun!
Securing mobile devices and mobile applications is a nuisance. Security best practices dictate having authentication methods to log in and open the device, and that users should log off every app after each use. Best practices, however, are inconvenie… Continue reading Contextual Biometrics for Improved Application Security
Leveraging the human factor via social media to launch cyberattacks is a tried-and-true method, and one that will be with us for many more years to come. The recent LinkedIn attacks, where malicious actors used fake profiles linked to hostile states t… Continue reading LinkedIn Attacks Show Dangers of Professional Networking
As the COVID-19 pandemic took over the world, more and more businesses rushed to the cloud without taking into consideration the security issues that could result from rapid deployment. There is no doubt that moving to the cloud has a wealth of benefi… Continue reading Best Practices for Securing Modern Applications
We have desktop software that we install and run on remote, unattended machines. The software needs to hit API endpoints on our server. What is the best way to secure those endpoints to ensure that only our software can call them? We may o… Continue reading Securing APIs used by remote devices
Something about the flow of setting up 2-factor authentication is not clear to me.
This is the flow of setting up a Service* to use a 2-factor auth app**:
Choose setup 2-factor auth in the account security section. This shows up with a lo… Continue reading How do Services recognise 2-Factor Authentication codes as correct?