Uncategorized

by Excellium SA Excellium SA No Comments

What is Web Cryptography API?

Before getting down to today’s topic, Web Cryptography API, note that all the photos below are available here1https://github.com/ExcelliumSA/WebCryptographyAPI-Study/tree/main/post in better quality.

Anyone developing a web application with a front-end may need to perform cryptographic operations like hashing, encryption, signatures on the client-side (JavaScript code). The habits lead to import and use popular external libraries like crypto-js21. https://www.npmjs.com/package/crypto-js  in order to be portable across all targeted browsers:

Read more

by Excellium SA Excellium SA No Comments

How to evaluate an “OAuth/OpenID Connect” system from a security point of view?

This post presents a collection of security-oriented validation points that should be verified on a system using OAuth/OpenID Connect (OpenID Connect will be called OIDC in the rest of the post). Therefore, it assumes you are familiar with all the concepts related to OAuth/OIDC. All references to OAuth refer to OAuth 2.0.

If it is not the case then you can refer to this free online course named Introduction to OAuth 2.0 and OpenID Connect kindly created and provided by Dr. Philippe De Ryck or the several tutorials from ConnectId.

Note that this post is mainly security-oriented feedback following a complete focused training that I have recently taken on the OAuth/OIDC topics.

Read more

by Excellium SA Excellium SA No Comments

How to handle teleworking in Luxembourg while considering cybersecurity

On the 9th of April, 2021, the Commission de Surveillance du Secteur Financier (hereinafter, “CSSF”) published a new Circular dedicated to teleworking (Circular CSSF 21/769), which comes into force on the 30th of September, 2021. This Circular applies to all supervised companies and is a clear example of how the pandemic has tumbled the world and is slowly letting the way towards the “new normal”. Where teleworking was seen as an exception, it is now slowly becoming the new rule or at least an option for employees at a larger scale.

Read more

by Excellium SA Excellium SA No Comments

Microsoft & Excellium Services for a secured cloud migration

Agility, flexibility, COVID, … Organizations are adopting the cloud! This is the observation made by Excellium Services during its security interventions (incident response, security assessment, security configuration, …). From cost allocation to the “Pay as you use” payment solution allowing more financial flexibility, to the management of the delegated service, including the centralization of logs favouring permanent access by the customer to the latest information, Microsoft is drawing attention with its new Azure Sentinel security offer.

Read more

by Excellium SA Excellium SA No Comments

Move to an efficient Vulnerability Management with a risk-based approach

Market Observations

Market observations show that more than two-thirds of companies over the world anticipate either a decrease or no change of their IT budget in the “Covid-19 recovering phase”. In the meantime, about 80% declare they do not adjust their budget according to the business impact1Source: Gartner. As the market continues to lack skilled cybersecurity staff to meet the growing demand, organizations are forced to do “more with less”.

Read more

Top