What is an authorization matrix? How to implement it? If those are some questions you need to answer, you’re at the right place. In today’s article, we cover how to test the Authorization Matrix.
What is Web Cryptography API?
Before getting down to today’s topic, Web Cryptography API, note that all the photos below are available here1https://github.com/ExcelliumSA/WebCryptographyAPI-Study/tree/main/post in better quality.
Anyone developing a web application with a front-end may need to perform cryptographic operations like hashing, encryption, signatures on the client-side (JavaScript code). The habits lead to import and use popular external libraries like crypto-js21. https://www.npmjs.com/package/crypto-js in order to be portable across all targeted browsers:
10 CSOC tools for simplifying your daily life as a CSOC Analyst
CSOC Tooling
Working as a CSOC analyst is becoming more complex, with alert volumes increasing rapidly as perimeters are integrated, tools, regulatory constraints, and the need to detect suspicious behaviour as quickly as possible.
Increasing the number of analysts to solve these problems would seem utopian as cybersecurity skills are increasingly sought after and consequently hard to obtain. Even though attracting talent must continue to be a major challenge, implementing good CSOC tools to simplify daily life is also critical. As is usually the case with the triptych: process, competent personnel, and technology, which must be adjusted to implement an efficient CSOC. As a result, the technology part of this article will focus on the CSOC tooling.
How to evaluate an “OAuth/OpenID Connect” system from a security point of view?
This post presents a collection of security-oriented validation points that should be verified on a system using OAuth/OpenID Connect (OpenID Connect will be called OIDC in the rest of the post). Therefore, it assumes you are familiar with all the concepts related to OAuth/OIDC. All references to OAuth refer to OAuth 2.0.
If it is not the case then you can refer to this free online course named “Introduction to OAuth 2.0 and OpenID Connect“ kindly created and provided by Dr. Philippe De Ryck or the several tutorials from ConnectId.
Note that this post is mainly security-oriented feedback following a complete focused training that I have recently taken on the OAuth/OIDC topics.
Excellium Services and BitSight: which level of control do you have on your cybersecurity supply chain?
Contern – Luxembourg, 19th October 2021
Organizations are used to conduct mature processes to onboard a third-party, through sourcing, procurement, or vendor management. However, such processes do not often cover the long-term perspective and controls about any change that may occur within their partners. Manual interactions with the third-parties have an expensive cost and require staff that are focused on other concerns. Evaluation of the cybersecurity posture of third parties do not diverge from that trend. However, as a breach in a supplier’s Information System may have a huge impact on your own, how to conciliate a proper risk assessment and agility in an ever-growing interconnected world?
The power of the cloud migration
Welcome back to another The Cyber Blog Times article.
Today, we discuss a journey towards cloud migration. A trendy topic nowadays, especially since securing the cloud remains a cornerstone.
What is cloud migration? Why is that so important? How can you migrate in a secure way? We’ve got your back!
How to handle teleworking in Luxembourg while considering cybersecurity
On the 9th of April, 2021, the Commission de Surveillance du Secteur Financier (hereinafter, “CSSF”) published a new Circular dedicated to teleworking (Circular CSSF 21/769), which comes into force on the 30th of September, 2021. This Circular applies to all supervised companies and is a clear example of how the pandemic has tumbled the world and is slowly letting the way towards the “new normal”. Where teleworking was seen as an exception, it is now slowly becoming the new rule or at least an option for employees at a larger scale.
How to implement Security Automation
Welcome back to our fifth article from The Cyber Blog Times Edition. Today, we discuss security automation.
Without further ado, let’s see what security automation consists of. It consists of using technologies to perform tasks, with reduced human effort, to integrate processes, applications, and security infrastructure.
How to automatically validate the configuration of your API Gateway?
API everywhere…
Today, it is common for software, companies, etc. to provide a web API to expose data to their customers or partners11. https://blog.postman.com/api-growth-rate/. The objective is to facilitate the integration between Information Systems and create new business opportunities. For example, for banks, API was a way to provide more services to their customers through mobile applications. Do you remember the last time you needed to contact your bank directly or go physically to your bank agency?
Access the potential of the cloud to enhance global security
With its Excellium360 for Office 365 & Azure offering, the BELUX cybersecurity specialist provides its customers with access to advanced security features, such as Microsoft’s SIEM “Sentinel” solution. Integrated with Excellium’s Security Operations Center, it enables the cybersecurity of IT environments deployed both on-premises and in the cloud to be reinforced. Read more
