Read https://martinfowler.com/articles/web-security-basics.html! It is a very good introduction to the relevant web security topics.
And here’s a Security Awareness Planning Kit, if you ever wanted one (I did!): https://sans.org/sites/default/files/2020-06/SANS-SecurityAwarenessPlanningKit.zip
- Example Project Charter: Project charters are the first step in planning any large-scale project or initiative. This covers the key elements of a project charter for a new security awareness program.
- Example Project Plan: A detailed example of what a complete project plan can look like for a comprehensive security awareness program.
- Presentation: Slide deck to help you gain leadership's support for your security awareness program.
- Metrics Matrix: This interactive matrix identifies and documents numerous ways to measure security behaviors, culture and the strategic impact of your security awareness program.
- Phishing Planning Guide: This strategic guide walks you through the key elements of planning a successful phishing program.
- Maturity Model: The Security Awareness Maturity Model is a key part of planning and communicating your awareness program. Both the model and a detailed breakdown of each stage are provided in the planning kit.
- Annual Program Schedule: These templates provide examples of how you can visually document your overall security awareness plan.
- SANS Security Awareness Report: This annual, data-driven report enables you to benchmark your program against other organizations and prioritize your resources and initiatives.
- Working from Home Deployment Kit: Everything you need to quickly plan and deploy a work-from-home security awareness training program. Includes a strategic planning guide, training videos and additional materials in over thirty languages.
If you implement a microservice architecture, you will, sooner or later, have to deal with the cross-cutting concern of client authentication and general security questions. In the article “Securing Microservices (API-Gateways and Zero-Trust)” I discuss a few options.
- Authenticating a third-party application with credentials
- Credentials (passwords) must be stored in the third-party application
- No restriction of the third-party application's access, because it holds the full credentials
- Resource owner: the entity granting access to a resource; could be an end user
- Resource server: providing the protected resource (data), accepting
- Client application: e.g. an application making
- Authorization server: authorizing the client application to access the resource data by issuing