Our expert team knows how to anticipate, collaborate, and innovate.
About feature 2
Work with leaders in your field to develop insight, experience and truly add value.
About feature 1
Our expert team knows how to anticipate, collaborate, and innovate.
About feature 2
Work with leaders in your field to develop insight, experience and truly add value.
About feature 1
With the rise of the Continuous Deployment[1]https://www.atlassian.com/continuous-delivery/continuous-deployment activity, the frequency at which web applications (website, API, etc.) are deployed has significantly increased. Nowadays it is common to see companies deploying a new version of a web application several times a weeks/months[2]https://cloud.google.com/blog/products/devops-sre/another-way-to-gauge-your-devops-performance-according-to-dora.
Nowadays, most of the software is based on external components that are created and maintained by external entities. External components are also named “third-party” components and can be, for example, a library. The objective is, most of the time, to delegate specific operations to dedicated components. This facilitates the maintenance of the main application and lets the developers focus on the code providing the business features. The type of operation performed by a component can be, for example, Processing of specific file format, logging, handling of business data formats (e.g., SWIFT) and so on.
In this article, we address cyber crisis management. Indeed, a cyber crisis is the consequence of one or more malicious actions taken on the information systems of an entity. They may have consequences that can be disastrous both financially and reputationally speaking.
In a world where technology prevails and exchanges and data storages are fully digitalized, cybersecurity is a key element in an organization’s resiliency.
Resiliency is the ability of organizations, relying more and more on computing tools, to “survive” in case of IT tools’ failures. Considering the current cyber threats, this aspect has never been so important and preoccupying for Security & IT Experts. In fact, Belgium registered a rise of 30% in cybercrimes between 2018 and 2O19 (source: ccb.belgium.be). Choosing the right cybersecurity partner is now a major challenge.
What is an authorization matrix? How to implement it? If those are some questions you need to answer, you’re at the right place. In today’s article, we cover how to test the Authorization Matrix.
Before getting down to today’s topic, Web Cryptography API, note that all the photos below are available here1https://github.com/ExcelliumSA/WebCryptographyAPI-Study/tree/main/post in better quality.
Anyone developing a web application with a front-end may need to perform cryptographic operations like hashing, encryption, signatures on the client-side (JavaScript code). The habits lead to import and use popular external libraries like crypto-js21. https://www.npmjs.com/package/crypto-js in order to be portable across all targeted browsers:
This post presents a collection of security-oriented validation points that should be verified on a system using OAuth/OpenID Connect (OpenID Connect will be called OIDC in the rest of the post). Therefore, it assumes you are familiar with all the concepts related to OAuth/OIDC. All references to OAuth refer to OAuth 2.0.
If it is not the case then you can refer to this free online course named “Introduction to OAuth 2.0 and OpenID Connect“ kindly created and provided by Dr. Philippe De Ryck or the several tutorials from ConnectId.
Note that this post is mainly security-oriented feedback following a complete focused training that I have recently taken on the OAuth/OIDC topics.
Welcome back to another The Cyber Blog Times article.
Today, we discuss a journey towards cloud migration. A trendy topic nowadays, especially since securing the cloud remains a cornerstone.
What is cloud migration? Why is that so important? How can you migrate in a secure way? We’ve got your back!
On the 9th of April, 2021, the Commission de Surveillance du Secteur Financier (hereinafter, “CSSF”) published a new Circular dedicated to teleworking (Circular CSSF 21/769), which comes into force on the 30th of September, 2021. This Circular applies to all supervised companies and is a clear example of how the pandemic has tumbled the world and is slowly letting the way towards the “new normal”. Where teleworking was seen as an exception, it is now slowly becoming the new rule or at least an option for employees at a larger scale.
Agility, flexibility, COVID, … Organizations are adopting the cloud! This is the observation made by Excellium Services during its security interventions (incident response, security assessment, security configuration, …). From cost allocation to the “Pay as you use” payment solution allowing more financial flexibility, to the management of the delegated service, including the centralization of logs favouring permanent access by the customer to the latest information, Microsoft is drawing attention with its new Azure Sentinel security offer.