
Games with Purpose - Nov 2022
Some interesting security and creativity games plus a few more

Some interesting security and creativity games plus a few more

Threat modeling with teams is a process that requires visuals, interaction between team members and discussion and so lends itself to everyone being in a room together. This has been quite hard the last two years. It also doesn’t look to be getting any easier, so we should probably get used to it. Here’s how I’ve been doing it with several teams.

So often organizations believe that Application Security stops at penetration testing and fixing vulnerabilities but it is more than that, penetration testing is the reactive side of things but you also need the proactive aspects of Application Security to reduce the flow.
Mapping between the Common Attack Pattern Enumeration and Classification (CAPEC) from Mitre and the S.T.R.I.D.E. Categories used in Threat Modeling.

I’ve just launched the first OWASP Application Security Awareness Campaign with 11 Posters of the OWASP Top Ten 2021 project.

Prioritising remediation of vulnerabilities based on effective impact and risk using PageRank.

This is just a collection of notes I’ve made over a period of time to remind me of certain commands or syntax. I will continue adding to this over time. I’m also going to add my Natural Language Processing notes and Machine Learning Notes in a couple of other articles.

SAML allows your users to be authenticated and authorized without direct interaction with your web site. It does this by creating a trust relationship between the site and a trusted third party who vouches for the identity of the user. This article explains both how this happens and what the additional benefits are.

What is Kerberos? It is an authentication mechanism...

What are digital signatures and what do they tell us, what information do they hold? All this and more are explained in this article.

In this article I am going to outline what SSL is, its building blocks and how it works.

In this article I’m going to talk about why we shouldn’t take security for granted, what practices should be part of our process and how the industry may move to enforce this.

In this first article of a series I’m going to start by explaining a little bit about Public Key encryption which is one of the fundamental building blocks of SSL.

Following on from my previous article about configuring SAML SSO with Tomcat and Picketlink this time I will show you how to do the same thing with JBoss Wildfly.

If you are using Kerberos for single sign-on SSO and want to be able to make http requests impersonating the end user to third party systems you can do this using the HttpClient that is part of the Apache HttpComponents project.

In this article I’ll give you an introduction to SAML Web Browser Single Sign On Profile using POST and how to configure it in Tomcat.