Securing https://www.securing.pl/en/ Fri, 05 Jul 2024 12:16:12 +0000

New, old and new-old web vulnerabilities in the Era of LLMs – real-life examples https://www.securing.pl/en/new-old-and-new-old-web-vulnerabilities-in-the-era-of-llms-real-life-examples/ Fri, 05 Jul 2024 11:33:25 +0000 https://www.securing.pl/?p=13268 What can go wrong in LLM web applications from a security perspective? In this article, you will discover examples of threats and vulnerabilities that can be found in Large Language Model applications. Furthermore, you will learn how we can help to protect your LLM application.

The post New, old and new-old web vulnerabilities in the Era of LLMs – real-life examples appeared first on Securing.

Azure Single Sign-On Case Study #2: Unmasking authentication in Function Apps https://www.securing.pl/en/azure-single-sign-on-case-study-2-unmasking-authentication-in-function-apps/ Thu, 13 Jun 2024 11:08:35 +0000 https://www.securing.pl/?p=13131 Explore the details of configuring Single Sign-On for Azure Function Apps and discover the potential security risks associated with custom Application ID URIs.

The post Azure Single Sign-On Case Study #2: Unmasking authentication in Function Apps appeared first on Securing.

Azure Single Sign-On Case Study #1: Secure architecture for SPA & API https://www.securing.pl/en/azure-single-sign-on-case-study-1-secure-architecture-for-spa-api/ Tue, 09 Apr 2024 08:41:20 +0000 https://www.securing.pl/?p=12743 A case study of an insecure Single Sign-On architecture followed by a comprehensive guide on how to do it the right way.

The post Azure Single Sign-On Case Study #1: Secure architecture for SPA & API appeared first on Securing.

Web Push Notifications and user-targeted attacks – our research https://www.securing.pl/en/web-push-notifications-and-user-targeted-attacks-our-research/ Tue, 13 Feb 2024 15:17:29 +0000 https://www.securing.pl/?p=12463 Web push notifications are very common – but also not always secure. In this article, you will discover why and how push notifications can be malicious.

The post Web Push Notifications and user-targeted attacks – our research appeared first on Securing.

The year in review: the most interesting Single Sign-On vulnerabilities of 2023 https://www.securing.pl/en/the-year-in-review-the-most-interesting-single-sign-on-vulnerabilities-of-2023/ Thu, 25 Jan 2024 16:31:31 +0000 https://www.securing.pl/?p=12386 Check out a summary of 2023’s most interesting Single Sign-On vulnerabilities, and make sure your company is not vulnerable to last year’s security misconfigurations.

The post The year in review: the most interesting Single Sign-On vulnerabilities of 2023 appeared first on Securing.

Using Azure CLI and PowerShell to secure your Storage Accounts https://www.securing.pl/en/using-azure-cli-and-powershell-to-secure-your-storage-accounts/ Wed, 17 Jan 2024 09:12:49 +0000 https://www.securing.pl/?p=12293 Keeping your cloud infrastructure safe can be tricky. This article shows how to make your environment more secure using Azure CLI and PowerShell for managing the configuration of resources in your subscriptions.

The post Using Azure CLI and PowerShell to secure your Storage Accounts appeared first on Securing.

Manual vs. automated penetration testing – or maybe both? https://www.securing.pl/en/manual-vs-automated-penetration-testing-or-maybe-both/ Wed, 18 Oct 2023 07:41:57 +0000 https://www.securing.pl/?p=11248 This article shows why manual and automated penetration tests are both important and not interchangeable. You will also find a list of pros and cons of the two approaches that will help you make the right choice.

The post Manual vs. automated penetration testing – or maybe both? appeared first on Securing.

Penetration Testing for Filestack https://www.securing.pl/en/penetration-testing-for-filestack/ Fri, 21 Jul 2023 10:08:29 +0000 https://www.securing.pl/?p=10701 See from the client's perspective what cooperation with us looks like: from the initial interview about the platforms and expectations, through the actual security tests, up to retests and remediation consulting.

The post Penetration Testing for Filestack appeared first on Securing.

How to prepare an effective threat modeling session https://www.securing.pl/en/how-to-prepare-an-effective-threat-modeling-session/ Wed, 17 May 2023 13:24:29 +0000 https://www.securing.pl/?p=10456 Every threat modeling session requires thorough preparation. This article will help you create an effective session step by step.

The post How to prepare an effective threat modeling session appeared first on Securing.

Voice Biometrics – how easy is it to hack them with AI Deepfake? https://www.securing.pl/en/voice-biometrics-how-easy-is-it-to-hack-them-with-ai-deepfake/ Thu, 04 May 2023 10:26:19 +0000 https://www.securing.pl/?p=10278 Voice biometrics are becoming a widely used authentication method. They may be convenient but also vulnerable, especially in the age of AI. Here, you will find my research regarding voice biometrics security.

The post Voice Biometrics – how easy is it to hack them with AI Deepfake? appeared first on Securing.
