Collaborate Disseminate
Have there been any attacks (or can you think of a potential attack) that hinged on being able to figure out if a user exists in a system?
For example, in a web app there is a “Reset password” page where you enter an email a… Continue reading What attacks are possible if you can scrape a list of users?
So I am familiar with badusb or rubber ducky attacks, I lack possession of one currently to test any of my questions.
Essentially my question is can you mitigate rubber ducky attacks using windows user privlages? for exampl… Continue reading Rubber ducky windows mitigation
Isn’t it scientifically proven that men and women have very different psychologies? So that, at least they must have different attitudes towards security policies and guidelines compliance. All of that must have affect on soc… Continue reading Why threat modelling and risk planning does not consider the sex of users?
For a university project of mine I am making a password manager online and I want to be able to store user’s passwords on my server without being able to access it myself. Here is what I intend to do:
encrypt users’ passwor… Continue reading storing user’s information without been able to access it
I’m working on a set of applications that require authentication and authorization.
Can you point me in the right direction to some architecture design for this when I want to have multiple services running and how to exactly manage serv… Continue reading Identity and Access Management (IAM/IdAM) deployment guide
A typical account creation process seems to be:
Provide email address and set a password
Receive confirmation email with a link and/or hashed token
Click the link to verify and/or enter the token on the site
However, I once read somewher… Continue reading Should email verification be followed by password-based login? Why?
I’m trying to implement some security access control in a software I’m building. I came across Stormpath for user management and they have somewhat an approach for RBAC yet what I was considering is to rely on XACML for ABAC … Continue reading Can I use stormpath user management service with a XACML library like BALANA?
I’m trying to implement some security access control in a software I’m building. I came across Stormpath for user management and they have somewhat an approach for RBAC yet what I was considering is to rely on XACML for ABAC … Continue reading Can I use stormpath user management service with a XACML library like BALANA?
Within the design of my web application, I am trying to now choose the final steps of the members profiles for security. *I need to choose if I should use a system which you login with a username or email, and which is more secure?
With t… Continue reading Log in with email is more secure than a username?
I had a conversation today and someone challenged me as to why you would need to verify the identity of a user calling a service desk with anything other than their company email. Granted, I know these can be spoofed, but the upper-level e… Continue reading Best practices for verifying a users identity for helpdesk