The FAPI working group provides JSON data schemas, security and privacy recommendations and protocols to enable applications to utilize the data stored in a financial account, to enable applications to interact with a financial account, and to enable users to control the security and privacy settings.| OpenID Foundation - Helping people assert their identity wherever they choose
Virtually all of the systems we are building today share data via public networks. We rarely want that data to be available to everyone, so we restrict access to it.| securityblog.omegapoint.se
In the previous article, we talked about what information we require to achieve strong access control. This article looks at how we transfer information on what scopes and audiences the user has approved, their identity and details on their login, plus rights we use for access control.| securityblog.omegapoint.se
Our first three articles were about designing and getting an access token. We also established a model for how we move from identity and scopes to the permissions that we base all further access control on. In this article, we discuss what you need to do when implementing your API in order to protect your functions and your data.| Omegapoint Security Blog
The first three articles covered modelling identity and the steps necessary to retrieve an access token. The fourth article showed how to validate an incoming request and build a fine-grained access control for our API. In this article we will discuss the infrastructure necessary to deploy and operate the system we’ve described in the previous articles. We will also cover some important notes regarding data management.| Omegapoint Security Blog
In the previous article we covered some important security aspects regarding server-side infrastructure. This article covers some of the challenges we face on the client-side, in particular when working with browsers. The browser is a very attractive target environment for distributing applications and systems to the user. It’s easy to access and requires no additional installation since most of today’s users have access to a modern browser. For the user it is, compared to installing and ...| Omegapoint Security Blog
This article summarizes the learnings from the article series and highlights key security principles and recommended further reading.| Omegapoint Security Blog
Developing systems that expose sensitive information on the internet requires us as developers and architects to think about security at all times. The classic model with only a strong perimeter defense is no longer suitable for modern architecture. As a result of this our role has changed, and we need to shoulder a larger responsibility for the security of the APIs and applications we develop. With the contents gathered on this page we describe what you need in order to build a system with s...| Omegapoint Security Blog
This article gives an introduction to ethical hacking and web application penetration testing, and how it differs from other types of penetration tests. We cover the basic principles of penetration testing and a simplified model for pentesting methodology. It will highlight key aspects of a high-quality security review, where the penetration test plays a big part, and the importance for developers to embrace a hacker's mindset (and vice versa).| securityblog.omegapoint.se
Clickbait, isn’t it? But this was Brock’s immediate reaction when we saw (and I recommend you read this first): What this basically means is that browsers are getting more and more stric…| leastprivilege.com