Threat Modeling Gameplay with EoP
Coming soon to a bookshelf near you, Threat Modeling Gameplay with EoP: A reference manual for spotting threats in software architecture
Tagged in: Security (16)
Games with Purpose - Nov 2022
Some interesting security and creativity games plus a few more
Application Security is More than Just Pen Testing
So often organizations believe that Application Security stops at penetration testing and fixing vulnerabilities but it is more than that, penetration testing is the reactive side of things but you also need the proactive aspects of Application Security to reduce the flow.
OWASP - Application Security Awareness Campaigns
I’ve just launched the first OWASP Application Security Awareness Campaign with 11 Posters of the OWASP Top Ten 2021 project.
Calculating Risk Across Project Real-estate using Graph Analysis
Prioritising remediation of vulnerabilities based on effective impact and risk using PageRank.
Introduction to SAML for Managers
SAML allows your users to be authenticated and authorized without direct interaction with your web site. It does this by creating a trust relationship between the site and a trusted third party who vouches for the identity of the user. This article explains both how this happens and what the additional benefits are.
Introduction to Kerberos for Managers
What is Kerberos? It is an authentication mechanism...
Introduction to SSL for Managers
In this article I am going to outline what SSL is, its building blocks and how it works.
Three Brass Monkeys
In this article I’m going to talk about why we shouldn’t take security for granted, what practices should be part of our process and how the industry may move to enforce this.
Introduction to Public Key Encryption for Managers
In this first article of a series I’m going to start by explaining a little bit about Public Key encryption which is one of the fundamental building blocks of SSL.
SAML Single Sign on With JBoss Wildfly and Picketlink
Following on from my previous article about configuring SAML SSO with Tomcat and Picketlink this time I will show you how to do the same thing with JBoss Wildfly.
Kerberos User Impersonation on Tomcat with Apache
If you are using Kerberos for single sign-on SSO and want to be able to make http requests impersonating the end user to third party systems you can do this using the HttpClient that is part of the Apache HttpComponents project.
Browse all Topics
- ANTLR
- Application Security
- AppSec
- Authentication
- Authorization
- Awareness
- CAPEC
- Centrality
- Certificates
- Compiler Compilers
- Compliance
- Dependency Analysis
- Digital Signatures
- Elevation of Privilege
- English
- Framework Fixators
- Games
- Grammar
- Graph Analysis
- GSSCredential
- Hashing
- HttpClient
- HttpComponents
- Inner-Source
- IT Extremists
- Java
- JavaCC
- JavaScript
- JBoss
- JNDI Realm
- Kerberos
- Key Distribution Center
- languages
- LDAP
- learning
- Legislation
- Manners
- Mitre
- Motivation
- Origins
- Osteria
- OWASP
- PageRank
- Parser Generators
- PicketLink
- Posters
- Programming Languages
- Public Key Cryptography
- Python
- Risk
- Running
- SAML
- SCA
- Scrum Nazis
- Scrum Talibans
- Security
- Social Engineering
- SSL
- SSO
- Strategy
- STRIDE
- Threat Modeling
- TLS
- Tomcat
- Top 10
- TRIM
- Vulnerability Management
- Wildfly