AWS re:Invent has already begun and keeping in mind security of your applications in the cloud, AWS has launched a new service called AWS Web Application Firewall. This service is intended to secure what you share on the world wide web via AWS CloudFront. Making the experience for the user better with more security is what AWS has always...
A thief picks a lock to open it. But if the key is already available, it’s a piece of cake for the thief. Such is the nature of applications and hackers today. All it takes is one mistake from the developer(the key) and the hackers capitalize on that mistake (the theft). It has been rightly said, ”Security is only as strong as the...
Hackers and cyber criminals identify healthcare organizations as a source of assets, similar in a way that a bank has monetary assets. In case you have any doubt about the previous statement, I would like to reassure you that healthcare information has a monetary value and worth. And yes, it is at risk. What is wrong with the Healthcare...
Almost every web and mobile application today gives you an option to create an account. Once you have created an account, you can login and access all the features of the application. This login process allows you to manage data that is private to you. This feature is referred to as Authentication, where a user is authenticated to use a...
In continuation to my last blog about possible attacks on a password reset functionality, this part of the same series will look into below two implementations: • Email sent with a temporary password or current password • Secret questions asked and then given the option to reset the password I will mention possible issues which...
For every developer, implementing a password reset feature is a very interesting part. This is where he develops a logic and then implements it in the code. There is no well-defined industry standard on how to implement a secure password reset functionality in your application. So, the result is that every application has a different way...