Authentication, Exercises and Open Source - Information Technology Zone

If You’re Only Doing WAF, You’re Doing API Security Wrong

ForAllSecure

FEBRUARY 15, 2023

In May 2021, Peloton, the exercise company, found that its API was not authenticating users properly. To address issues such as authentication misconfigurations, organizations have been quick to adopt Web Application Firewalls (WAFs). It would be a shame if the API were non-performative, or worse if the API actually leaked data.

Security

Security Firewall Authentication Programming

ChatGPT could make bioterrorism horrifyingly easy

Vox

AUGUST 7, 2023

In a recent exercise at MIT, it took just one hour for ChatGPT to instruct non-scientist students about four potential pandemic pathogens, including options for how they could be acquired by anyone lacking the skills to create them in the lab, and how to avoid detection by obtaining genetic material from providers who do not screen orders.

Artificial Intelligence

Artificial Intelligence Tools Exercises Training

The Hacker Mind Podcast: Hunting The Next Heartbleed

ForAllSecure

NOVEMBER 24, 2020

I mean, it was open source, right? And this is open source software, meaning that there’s some developers or some project behind it that has already built out the basics of what you need to put it into your code and start using it. And is it better to be open source or commercial. No shame in that.

Open Source

Open Source Tools Security Software

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

The Hacker Mind Podcast: Hunting The Next Heartbleed

ForAllSecure

NOVEMBER 24, 2020

I mean, it was open source, right? And this is open source software, meaning that there’s some developers or some project behind it that has already built out the basics of what you need to put it into your code and start using it. And is it better to be open source or commercial. No shame in that.

Open Source

Open Source Tools Security Software

The Mayhem for API Difference - A ZAP - Mayhem for API Scan Comparison

ForAllSecure

SEPTEMBER 7, 2022

ZAP is an open-source web application security scanner that can be used by both those new to application security as well as professional penetration testers. The response will contain the token you will use for other parts of the exercise. { "auth_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2NjIwNjkxNTIsImlhdCI6MTY2MjA2OTA5Miwic3ViIjoiZm9vIn0.7aB_94z7FmcGYNTaL67DW47Ht2WTBKlQ85eCbvmlBLM",

Comparison

Comparison Applications Tools Authentication

The Mayhem for API Difference - A ZAP - API Scan Comparison

ForAllSecure

SEPTEMBER 7, 2022

ZAP is an open-source web application security scanner that can be used by both those new to application security as well as professional penetration testers. The response will contain the token you will use for other parts of the exercise. { "auth_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2NjIwNjkxNTIsImlhdCI6MTY2MjA2OTA5Miwic3ViIjoiZm9vIn0.7aB_94z7FmcGYNTaL67DW47Ht2WTBKlQ85eCbvmlBLM",

Comparison

Comparison Applications Tools Authentication

The Hacker Mind Podcast: Hunting The Next Heartbleed

ForAllSecure

NOVEMBER 24, 2020

I mean, it was open source, right? And this is open source software, meaning that there’s some developers or some project behind it that has already built out the basics of what you need to put it into your code and start using it. And is it better to be open source or commercial. No shame in that.

Open Source

Open Source Tools Security Software

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

In 2013, researcher Nitesh Dhanjani found that a popular brand used simple MD5 hashes of the device's MAC addresses for authentication. Problem is, MAC addresses are not great for authentication. It seemed that once you authenticated through the local network, the app maintain that access, even if you are halfway across the world.

Internet

Internet Research Security Tools

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

In 2013, researcher Nitesh Dhanjani found that a popular brand used simple MD5 hashes of the device's MAC addresses for authentication. Problem is, MAC addresses are not great for authentication. It seemed that once you authenticated through the local network, the app maintain that access, even if you are halfway across the world.

Internet

Internet Research Security Tools

The Hacker Mind Podcast: Tales From A Ransomware Negotiator

ForAllSecure

MAY 30, 2023

They're associated name and shame sites, and when there are publications to those sites, what the associated verticals are to those clients who've been published and, you know, track all those accordingly, from an open source perspective, but also, you know, responding to incidents for them as well. How should it work?

Authentication

Authentication Groups Backup Data

Geek of the Week: Tech vet Dick Hardt searches for a better way to verify your ?internet identity?

GeekWire

JUNE 2, 2020

Dick Hardt has often been “early to the new,” as he puts it: Microsoft Windows in 1986, neural networks in 1989, the internet in 1993, open source in 1995, and even Burning Man in 1999. Favorite app: The Fi app for tracking our dog’s exercise. (Photo courtesy of Dick Hardt). First computer: PDP-11.

Internet

Internet Architecture Microsoft Applications

Decentralization in Sovrin

Phil Windley

OCTOBER 23, 2018

Our goal is for the Sovrin Network to be an open, public, decentralized utility for digital identity. Those three adjectives deserve some explanation: open —The Sovrin network is based on the open-source Hyperledger Indy project. The governance of the Sovrin Network should also be open.

Open Source

Open Source Network Architecture Government

Even Elon Musk doesn’t know what he means by free speech

Vox

APRIL 26, 2022

In the press release this week about his acquisition of Twitter, Musk also suggested less-controversial changes to Twitter, including “making the algorithms open source to increase trust, defeating the spam bots, and authenticating all humans.” So we’ll have to see whether Musk can execute and how long it will take.

Social

Social Media Authentication Conference

Information Technology Zone

If You’re Only Doing WAF, You’re Doing API Security Wrong

ChatGPT could make bioterrorism horrifyingly easy

Webinars

Trending Sources

The Hacker Mind Podcast: Hunting The Next Heartbleed

Webinars

The Hacker Mind Podcast: Hunting The Next Heartbleed

The Mayhem for API Difference - A ZAP - Mayhem for API Scan Comparison

The Mayhem for API Difference - A ZAP - API Scan Comparison

The Hacker Mind Podcast: Hunting The Next Heartbleed

The Hacker Mind: Hacking IoT

The Hacker Mind: Hacking IoT

The Hacker Mind Podcast: Tales From A Ransomware Negotiator

Geek of the Week: Tech vet Dick Hardt searches for a better way to verify your ?internet identity?

Decentralization in Sovrin

Even Elon Musk doesn’t know what he means by free speech

Stay Connected