Content about Security
93 posts in total
Page 4 of 7
Merry Christmas
As you open the final post of this year's security.christmas, we log out of our social media accounts, shut down Slack (or mute it for a while at least) and put away our tin foil hats.
Ransomware, an introduction
If you haven't lived under a rock for the last couple of years, the term ransomware isn't something new. It grinds the largest corporations to a complete halt and can take months to recover from. But how does it really work? And how should you protect yourself?
People we follow
On one of the darkest Sundays of the year, we again take a step back, and give you another list of interesting people we follow. Today we pay respect to a few people that deserve to be listened to. Of course there are others, but these stand out.
Safe travels for the road warrior
In business travel, a road warrior is a person who uses mobile devices such as tablets, laptops and smartphones, along with internet connectivity, to conduct business while traveling. The term stems from the movie Mad Max 2, starring Mel Gibson.
Who is your security champion?
We all know it: application security is a shared responsibility, and everyone in the team should act according to the secure lifecycle development process. But our experience is that security is one of the first non-functional requirements to be dropped when deadlines approach or when management is setting up a budget for the next period.
OWASP, but there is more
The Open Web Application Security Project, or OWASP, is mostly known for its Top Ten Project, which covers the most critical web application security risks. They also maintain one of the most popular free security tools, the OWASP Zed Attack Proxy. But there is more, so much more. In this post we cover some of our favorite tools by the OWASP project and how we use them.
Tor, the onion router
Does the US government sponsor the development of the darknet? What is The Onion Router project and why should you be anonymous on the internet?
The problem with IoT and random
“The s in IoT stands for security” is a joke as old as the shared code base used in your IoT web-camera. Usually we mock IoT for having little or bad security, but the real issue is perhaps that IoT can't have good security.
WebAuthn - The simplest way to 2FA
We've covered FIDO2 in this year's eleventh calendar post, and with FIDO2 available the internet has all the tools needed to lighten the load of the password. One of its results is the Web Authentication (WebAuthn) API, simplifying FIDO2 authentication for web browsers. Here are the basics to get started with a wide range of authenticators on your website.
Stuff we read - sunday reading
Bulletproof hosting
When hearing about security breaches and typically cybercrime, one is sometimes left wondering, where are these servers hosted and why can't they be stopped?
Get your client side reports together!
Reporting API. That sounds really cool! Or really boring, you say? This is one of the W3C drafts that may not have gotten the attention it deserves, so let's take a look!
Reverse tabnabbing
In a phishing attack the attacker will try to steal user data, e.g. login credentials. Reverse tabnabbing is a phishing method, and here we will try to explain what it is and how it can be prevented.
FIDO2 - the Answer to the World's Password Problem
Responsible disclosure
You double checked, triple checked, even quadruple checked, and it is really there! You have just found a vulnerability in someone else's system. Maybe you just got access to something you shouldn't have, you can prove that an attacker could easily take down the system, or you found your way around the payment process in a shop. Whatever the bug, you now need to disclose it, but in a responsible manner.