The latest security technology and best practices to secure software applications, vulnerabilities and code.
Nearly a decade ago, the cyber industry was toiling over how to enable access for users between applications and grant access to specific information about the user for authentication and authorization purposes. Enter authorization-focused OAuth 2.0 and authentication-focused OpenID Connect (OIDC). In the last decade, organizations adopted OAuth and its companion OIDC to enable customers…
It’s a tough time to be a retailer. Massive point-of-sale (POS) breaches continue to make headlines on a regular basis, and they can have a significant impact on consumers’ trust in a company and its brand. Just recently, the Hudson’s Bay Company (HBC), owner of retailers Saks Fifth Avenue, Saks OFF 5th and Lord…
A March 2020 software update of the SolarWinds Orion management platform gave malicious actors unhindered access to key government and enterprise networks. Microsoft has dubbed the infamous supply chain compromise of SolarWinds as “Solorigate.” In December, eSecurity Planet detailed FireEye’s initial findings, implications for the industry, and how to mitigate similar attacks. Since then, much…
IT security pros have never faced more threats, whether it’s from the huge increase in remote work or aggressive nation-state sponsored hackers like those involved in the SolarWinds breach. While there will always be new holes to plug, security vulnerabilities usually stem from the same few causes: unpatched vulnerabilities, misconfigurations or user error, and even…
Single sign-on (SSO) solutions let an end user log in just once and access all the resources and applications they need. SSO systems make it easy to authenticate the user once and thereafter be automatically authenticated when accessing related systems. Thus, SSO eliminates the hassle of separately signing on to multiple applications and systems. One set…
Many thought the term “DevOps” was just another buzzword. But its usage and application have grown to such a degree that it can now be considered part of mainstream technology vocabulary. And now security teams and vendors have piggybacked onto that popularity with a whole new term – DevSecOps. Will it catch on to…
Containers are an increasingly popular way to deploy applications because of the improved efficiency and agility they offer. Container technologies include multiple native security attributes, but they also introduce a number of security challenges that organizations need to consider. The growing popularity of the open source Kubernetes container orchestration platform for deploying and managing containers…
The enterprise use of APIs (application programming interfaces) is exploding, as more and more businesses embark on digital transformation and look for ways to make money by exposing their data to outsiders through apps, websites, and other third-party integrations. The downside to all those APIs is they can pose a major IT security risk. “APIs…
Privileged accounts pose a serious security problem. Anyone who has access to one has the potential to use those administrative privileges to harm your organization in a number of ways, such as altering data, deleting or downloading databases, or creating unauthorized new administrative accounts. The security risk is not just a theoretical one: Recent security…