Securing

New Year, New IAM: A reasonable approach to Identity and Access Management in 2025

Natalia Trojanowska-Korepta — Tue, 17 Dec 2024 14:45:25 +0000

As 2024 ends, it's the perfect time to reflect on what 2025 might bring for Identity and Access Management (IAM). This article offers practical New Year's resolutions to enhance your company's IAM security with achievable goals.

The post New Year, New IAM: A reasonable approach to Identity and Access Management in 2025 appeared first on Securing.

Making iOS apps secure with iOS Security Suite (ISS)

Wojciech Reguła — Wed, 11 Dec 2024 14:44:28 +0000

iOS Security Suite (ISS) is an advanced and easy-to-use platform security & anti-tampering library written in pure Swift!

The post Making iOS apps secure with iOS Security Suite (ISS) appeared first on Securing.

Red Teaming in practice: Physical Security Testing tutorial

Julia Zduńczyk — Tue, 05 Nov 2024 19:54:57 +0000

Red teaming represents a unique approach to assessing an organization's security posture. Learn how to hack access control systems and RFID readers and break into organizations with style.

The post Red Teaming in practice: Physical Security Testing tutorial appeared first on Securing.

Baking Mojolicious Cookies revisited: a case study of solving security problems through security by obscurity

Jakub Kramarz — Tue, 29 Oct 2024 09:03:46 +0000

Known for its agility and simplicity, the Mojolicious framework is especially valued in niche industries with a Perl heritage. In our recent security assessment, the use of under-the-radar technology introduced unique features and challenges. Learn how we overcame these difficulties.

The post Baking Mojolicious Cookies revisited: a case study of solving security problems through security by obscurity appeared first on Securing.

Security of External Dependencies in CI/CD Workflows

Jakub Kramarz — Wed, 09 Oct 2024 12:34:11 +0000

Use of external dependencies in build processes brings common security risks related to code integrity. But have you considered all of them?

The post Security of External Dependencies in CI/CD Workflows appeared first on Securing.

Azure Single Sign-On Case Study #3: Secure authentication for Function Apps

Natalia Trojanowska-Korepta — Wed, 04 Sep 2024 09:26:58 +0000

General guidance on Azure Function App authentication setup for different client types.

The post Azure Single Sign-On Case Study #3: Secure authentication for Function Apps appeared first on Securing.

Light & agile approach to threat modeling

Sebastian Obara — Wed, 07 Aug 2024 11:44:49 +0000

A comprehensive introduction to Who-What-How Threat Modeling methodology.

The post Light & agile approach to threat modeling appeared first on Securing.

#BYTECATRAZ SecuRing CTF 2024

Maksymilian Wiese — Fri, 26 Jul 2024 10:01:33 +0000

The competition, named BYTECATRAZ, took participants into the world of prison challenges. The players' main goal was to escape from prison, helped by their cellmate Maciek.

The post #BYTECATRAZ SecuRing CTF 2024 appeared first on Securing.

New, old and new-old web vulnerabilities in the Era of LLMs – real-life examples

Dawid Nastaj — Fri, 05 Jul 2024 11:33:25 +0000

What can go wrong in LLM web applications from a security perspective? In this article, you will discover examples of threats and vulnerabilities that can be found in Large Language Model applications. Furthermore, you will learn how we can help to protect your LLM application.

The post New, old and new-old web vulnerabilities in the Era of LLMs – real-life examples appeared first on Securing.

Azure Single Sign-On Case Study #2: Unmasking authentication in Function Apps

Natalia Trojanowska-Korepta — Thu, 13 Jun 2024 11:08:35 +0000

Explore the details of configuring Single Sign-On for Azure Function Apps and discover the potential security risks associated with custom Application ID URIs.

The post Azure Single Sign-On Case Study #2: Unmasking authentication in Function Apps appeared first on Securing.