Application SecurityTechnology
We saw different implementations of a password reset functionality to ensure application security along with their best practices in the first and the second blogs of the series. In this final blog of the series, we will discuss the concept of Multi-Factor Authentication (One Time Passwords i.e. OTP) for the implementation of a reset password […]
Application SecurityTechnology
Digital innovation has been evolving and growing in the financial space with time. It is no secret that the financial companies today see digital presence as a key component to their company’s success. Customers can now manage their finances from anywhere and at anytime using these digital offerings. But, this raises a serious issue. With […]
Application SecurityTechnology
Hackers and cyber criminals identify E-commerce sites as a source of information, such as credit cards and other PII (Personally identifiable information). To protect customers, it’s necessary to know how to protect the application and the sensitive customer data it has. All this involves user’s trust and assurance on the brand and yes, it is at […]
AWS re:Invent has already begun and keeping in mind security of your applications in the cloud, AWS has launched a new service called AWS Web Application Firewall. This service is intended to secure what you share on the world wide web via AWS CloudFront. Making the experience for the user better with more security is […]
A thief picks a lock to open it. But if the key is already available, it’s a piece of cake for the thief. Such is the nature of applications and hackers today. All it takes is one mistake from the developer(the key) and the hackers capitalize on that mistake (the theft). It has been rightly […]
Hackers and cyber criminals identify healthcare organizations as a source of assets, similar in a way that a bank has monetary assets. In case you have any doubt about the previous statement, I would like to reassure you that healthcare information has a monetary value and worth. And yes, it is at risk. What is […]
Almost every web and mobile application today gives you an option to create an account. Once you have created an account, you can login and access all the features of the application. This login process allows you to manage data that is private to you. This feature is referred to as Authentication, where a user […]
In continuation to my last blog about possible attacks on a password reset functionality, this part of the same series will look into below two implementations: • Email sent with a temporary password or current password • Secret questions asked and then given the option to reset the password I will mention possible issues which might […]
For every developer, implementing a password reset feature is a very interesting part. This is where he develops a logic and then implements it in the code. There is no well-defined industry standard on how to implement a secure password reset functionality in your application. So, the result is that every application has a different […]