Securing https://www.securing.pl/en/ Tue, 29 Oct 2024 09:03:48 +0000 en-US hourly 1 https://www.securing.pl/wp-content/uploads/2020/09/favicon.png Securing https://www.securing.pl/en/ 32 32 Baking Mojolicious Cookies revisited: a case study of solving security problems through security by obscurity https://www.securing.pl/en/baking-mojolicious-cookies-revisited-a-case-study-of-solving-security-problems-through-security-by-obscurity/ Tue, 29 Oct 2024 09:03:46 +0000 https://www.securing.pl/?p=13877 Known for its agility and simplicity, the Mojolicious framework is especially valued in niche industries with a Perl heritage. In our recent security assessment, the use of under-the-radar technology introduced unique features and challenges. Learn how we overcame these difficulties.

The post Baking Mojolicious Cookies revisited: a case study of solving security problems through security by obscurity appeared first on Securing.

]]>
Security of External Dependencies in CI/CD Workflows https://www.securing.pl/en/security-of-external-dependencies-in-ci-cd-workflows/ Wed, 09 Oct 2024 12:34:11 +0000 https://www.securing.pl/?p=13672 Use of external dependencies in build processes brings common security risks related to code integrity. But have you considered all of them?

The post Security of External Dependencies in CI/CD Workflows appeared first on Securing.

]]>
Azure Single Sign-On Case Study #3: Secure authentication for Function Apps https://www.securing.pl/en/azure-single-sign-on-case-study-3-secure-authentication-for-function-apps/ Wed, 04 Sep 2024 09:26:58 +0000 https://www.securing.pl/?p=13530 General guidance on Azure Function App authentication setup for different client types.

The post Azure Single Sign-On Case Study #3: Secure authentication for Function Apps appeared first on Securing.

]]>
Light & agile approach to threat modeling https://www.securing.pl/en/light-agile-approach-to-threat-modeling/ Wed, 07 Aug 2024 11:44:49 +0000 https://www.securing.pl/?p=13480 A comprehensive introduction to Who-What-How Threat Modeling methodology.

The post Light & agile approach to threat modeling appeared first on Securing.

]]>
#BYTECATRAZ SecuRing CTF 2024 https://www.securing.pl/en/bytecatraz-securing-ctf-2024/ Fri, 26 Jul 2024 10:01:33 +0000 https://www.securing.pl/?p=13381 The competition, named BYTECATRAZ, took participants into the world of prison challenges. The players' main goal was to escape from prison, helped by their cellmate Maciek.

The post #BYTECATRAZ SecuRing CTF 2024 appeared first on Securing.

]]>
New, old and new-old web vulnerabilities in the Era of LLMs – real-life examples https://www.securing.pl/en/new-old-and-new-old-web-vulnerabilities-in-the-era-of-llms-real-life-examples/ Fri, 05 Jul 2024 11:33:25 +0000 https://www.securing.pl/?p=13268 What can go wrong in LLM web applications from a security perspective? In this article, you will discover examples of threats and vulnerabilities that can be found in Large Language Model applications. Furthermore, you will learn how we can help to protect your LLM application.

The post New, old and new-old web vulnerabilities in the Era of LLMs – real-life examples appeared first on Securing.

]]>
Azure Single Sign-On Case Study #2: Unmasking authentication in Function Apps https://www.securing.pl/en/azure-single-sign-on-case-study-2-unmasking-authentication-in-function-apps/ Thu, 13 Jun 2024 11:08:35 +0000 https://www.securing.pl/?p=13131 Explore the details of configuring Single Sign-On for Azure Function Apps and discover the potential security risks associated with custom Application ID URIs.

The post Azure Single Sign-On Case Study #2: Unmasking authentication in Function Apps appeared first on Securing.

]]>
Azure Single Sign-On Case Study #1: Secure architecture for SPA & API https://www.securing.pl/en/azure-single-sign-on-case-study-1-secure-architecture-for-spa-api/ Tue, 09 Apr 2024 08:41:20 +0000 https://www.securing.pl/?p=12743 A case study of an insecure Single Sign-On architecture followed by a comprehensive guide on how to do it the right way.

The post Azure Single Sign-On Case Study #1: Secure architecture for SPA & API appeared first on Securing.

]]>
Web Push Notifications and user-targeted attacks – our research https://www.securing.pl/en/web-push-notifications-and-user-targeted-attacks-our-research/ Tue, 13 Feb 2024 15:17:29 +0000 https://www.securing.pl/?p=12463 Web push notifications are very common – but also not always secure. In this article, you will discover why and how push notifications can be malicious.

The post Web Push Notifications and user-targeted attacks – our research appeared first on Securing.

]]>
The year in review: the most interesting Single Sign-On vulnerabilities of 2023 https://www.securing.pl/en/the-year-in-review-the-most-interesting-single-sign-on-vulnerabilities-of-2023/ Thu, 25 Jan 2024 16:31:31 +0000 https://www.securing.pl/?p=12386 Check out a summary of 2023’s most interesting Single Sign-On vulnerabilities, and make sure your company is not vulnerable to last year’s security misconfigurations.

The post The year in review: the most interesting Single Sign-On vulnerabilities of 2023 appeared first on Securing.

]]>