Security Boulevard

Your API Has Authorization Bugs. Hadrian Finds Them.

Authorization vulnerabilities are the most common critical finding in our API penetration tests. We find them on nearly every ...
Visual Studio Magazine

BFF and SPAs: Best Friends Forever

Christian Wenz explains why the Backends for Frontends (BFF) pattern is emerging as a more secure authentication model for single-page applications.
Dark Reading

When Good Tokens Go Bad

Tokens are an identity's crown jewel for digital authentication and authorization. Whether they are human or machine, and instantiated as API tokens, OAuth credentials, session tokens, or ephemeral ...
Microsoft

Inside an AI‑enabled device code phishing campaign

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.
InfoWorld

Build an authentication handler for a minimal API in ASP.NET Core

ASP.NET Core offers a simplified hosting model, called minimal APIs, that allows us to build lightweight APIs with minimal dependencies. However, “minimal” doesn’t mean minimal security. Minimal APIs ...
ZDNet

Microsoft: Hackers are using this 'concerning' tactic to dodge multi-factor authentication

Microsoft has outlined several mitigations to protect against attacks on multi-factor authentication that will unfortunately make life more difficult for your remote workers. Three years ago, attacks ...
Infosecurity-magazine.com

Comment: Two-factor Authentication – World of the Token Necklace

Security breaches are on the up – we all know that – and they are set to get worse. In order to interact with suppliers online, organizations will be expected to have stronger authentication, which is ...
Infosecurity-magazine.com

Hard, Soft, or Smart? Evaluating the Two-Factor Authentication Options

Le Brun asks: "Technology has moved on, so isn’t it about time to kill off the hardware token?" The cost of 2FA First, let’s cover the basics. Two-factor authentication (2FA) is where a user’s ...