Security

Topics relating to application security and attacks against software.

AzureFunBytes - Microsoft Identity with Christos Matskas!

AzureFunBytes is a weekly opportunity to learn more about the fundamentals and foundations that make up Azure. It’s a chance for me to understand more about what people across the Azure organization do and how they do it. Every week we get together at 11 AM Pacific / 2 PM Eastern on Microsoft LearnTV and learn more about Azure.

Working with Azure AD B2C in ASP.NET

In this episode, Christos gets together with our friend JP to show us how to integrate Azure AD B2C into our .NET applications.

NextAuth.js - Authentication for Next.js

NextAuth.js is a complete open source authentication solution for Next.js applications. It is designed from the ground up to support Next.js and Serverless.

Why and How to Get Started with Next Auth?

Google authentication with Next.js. Why should you choose Next Auth? If you are already using something like Firebase, why should you use Next Auth?

Automated AWS Elastic IP monitoring with Shodan

Our solution: a Lambda function crawls all the existing public IPv4 addresses from AWS services and checks them with Shodan for security.

How to Create Row Level Security with Microsoft Azure

In this demo, we’ll show you how to add rules to enable full and partial dynamic data masking as well as how to easily create row level security with Azure.

Working with Azure AD B2C in ASP.NET

Azure AD B2C enables your applications to authenticate to social accounts and enterprise accounts using open standard protocols. In this episode, Christos gets together with our friend JP to show us how to integrate Azure AD B2C into our .NET applications.

Boosting Security for Apache Kafka with Confluent Cloud Private Link ft. Dan LaMotte

Confluent Cloud isn’t just for public access anymore. As the requirement for security across sectors increases, so does the need for virtual private cloud (VPC) connections. It is becoming more common today to come across Apache Kafka® implementations with the latest private link connectivity option.

Securing your rest API with SpringSecurity

In this tutorial, we'll learn how to secure your REST API with Spring Security. If only I had known about it before.

Intro to Service Principals with Peter De Tender

AzureFunBytes is a weekly opportunity to learn more about the fundamentals and foundations that make up Azure. It’s a chance for me to understand more about what people across the Azure organization do and how they do it. Every week we get together at 11 AM Pacific on Microsoft LearnTV and learn more about Azure.

OAuth in 2021 – What’s up?

This talk looks at the latest revision of OAuth, called OAuth 2.1, and picks out a couple of useful additional specifications that help you improve the security of your token-based systems. Expect information on key rotation, the JWT profile, resource indicators, JAR & PAR and proof of possession access tokens.

Secure Sessions in JavaScript: Forking Express-Session to Improve Security

We use express-session in Saasform, but we weren't OK with the security. This article focuses on sessions and how we forked express-session to make it more secure.

What I Learned About Automation From Complying With AWS Security Requirements

This is a summary of what I have learned from working with the automated tool securiCAD and complying with AWS Security Requirements.

Adding Security to Testing to Enable Continuous Security Testing

Teams can be trained by security experts to become able to identify areas to add security testing in the test process and add security checks as part of functional test automation. This can lead to continuous security testing where security defects can be spotted at an early stage with higher security testing coverage in every release.

Time to Hack - Cracking Passwords Using Only Timing Information

Security in programming is insanely difficult to achieve. In this video, we take a look at a class of attacks called "Timing Attacks" that use the amount of time that it takes a server to respond in order to gather secret information from the server.

AzureFunBytes Episode 42 - Hybrid Cloud on Azure with @ThomasMaurer

AzureFunBytes is a weekly opportunity to learn more about the fundamentals and foundations that make up Azure. It’s a chance for me to understand more about what people across the Azure organization do and how they do it. Every week we get together at 11 AM Pacific on Microsoft LearnTV and learn more about Azure.

Approaches To Authorization in Server Applications: Activity-Based Access Control Framewor

In this tutorial, we'll learn about Approaches To Authorization in Server Applications: Activity-Based Access Control Framewor.

Is Your Cloud Infrastructure Securely Configured?

Is your Cloud infrastructure securely configured? With this new Code Risk Analyzer component of IBM Cloud Continuous Delivery, you can now scan the compliance of your infrastructure-as-code and make sure that any planned changes to your account are compliant with NIST regulations.

What is Information Security? | Information Security Explained in 5 mins

Great Learning brings you this video on “What is Information Security? Explained in 5 minutes!” In these 5 minutes, we aim to give a concise and brief understanding of information security and how it works. This video starts with an introduction to infosec, followed by understanding its need. Then we look at the CIA triad - Confidentiality, Integrity, Availability. Finally, we look at information security policies!

Privilege Escalation with Polkit: How to Get Root on Linux With A Seven-year-old Bug

The bug I found was quite old. It was introduced seven years ago in commit bfa5036 and first shipped with polkit version 0.113. polkit is a system service installed by default on many Linux distributions.