Understanding Digital Signatures: More Than Just a Hash
Digital signatures are a cornerstone of modern security practices, ensuring data integrity and authentication in various online communications. But there
Unlocking Your Tech Success - 5 Essential Lessons
Ever wondered what it takes to thrive in the tech world, not just as a coder but as a tech-savvy
Hawk Authentication bug - Firefox Accounts payload bypassing integrity validation
HawkAuth protocol is widely adopted by Firefox Accounts and appears in Postman in a very short list of supported API
Certificate Pinning is powerful, but you probably shouldn't use it
Let's be clear about Certificate Pinning.
It IS extremely useful.
It IS valid, if you follow 1 rule,
You should have a preference for EV Certificates in 2022 - when most think they are dead
Domain Validated (DV) Certificates may be growing in popularity since the browsers ceased showing the organisation name along with a
Zero-trust doesn't exist but that's OK
Where zero-trust might exist
1. Scenarios that have no data
2. Scenarios with data that are never connected to power
You don't know OWASP
About a year ago I was just getting involved with the CSA Working Group [https://cloudsecurityalliance.org/research/contribute/] for
Private AWS S3 - How hard could that be?
Applying private routing to AWS management APIs is hard.
AWS S3 has had some poor press coverage, but to Amazon's credit it has always been subject to authentication by default and not leaked any customer data.
You're probably a Blue Team, not a Red Team
For those unfamiliar with Cybersecurity team colors, there are Blue Teams which are the defenders, and there are Red Teams
Everything in AWS is an API, is it secure?
EDIT: 2020-08-01 SHA-1 Windows content to be retired [https://techcommunity.microsoft.com/t5/windows-it-pro-blog/sha-1-windows-content-to-be-retired-august-3-2020/ba-p/1544373] in 2 days.