Best practises regarding authentication in SPA/API solutions with SSO

There is really not that great information on what the best practices are for auth in SPA/API solutions. Most of them just say use JWTs and auth code flow in the SPA. There is a ton of information regarding auth in a SPA where you are requ…

Trouble understanding hash_extension tool examples for hash length extension attack (C#)

I am trying to follow the example of how a hash length extension attack works using the article here: https://www.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks
In this, the author has a concrete exa…

How to handle data that needs to be simple accessed and at the same time be secure?

I am currently in the process of developing a Teams bot to support commissioners of my company all around the world.
The requirements are for the commissioners to be able to write questions and get responses without any authentication with…