The FAPI working group provides JSON data schemas, security and privacy recommendations and protocols to enable applications to utilize the data stored in a financial account, to enable applications to interact with a financial account, and enable users to control the security and privacy settings.| OpenID Foundation - Helping people assert their identity wherever they choose
Virtually all of the systems we are building today share data via public networks. We rarely want that data to be available to everyone, so we restrict access to it.| securityblog.omegapoint.se
In the previous article, we talked about what information we require to achieve strong access control. This article looks at how we transfer information on what scopes and audiences the user has approved, their identity and details on their login, plus rights we use for access control.| securityblog.omegapoint.se
In the first two articles, we discussed how to design your system in order to build strong access control. We looked at how you can strike the right balance in terms of what information is associated with your access token, and we looked at balancing identity and local permissions. This article will take a look at how to configure a client in order to get a token, and how we handle sessions.| securityblog.omegapoint.se
Developing systems that expose sensitive information on the internet requires us as developers and architects to think about security at all times. The classic model with only a strong perimeter defense is no longer suitable for modern architecture. As a result of this, our role has changed, and we need to shoulder a larger responsibility for the security of the APIs and applications we develop. With the contents gathered on this page we describe what you need in order to build a system with s...| Omegapoint Security Blog
The OWASP Application Security Verification Standard (ASVS) Project is a framework of security requirements that focus on defining the security controls required when designing, developing and testing modern web applications and web services.| owasp.org
This article gives an introduction to ethical hacking and web application penetration testing, and how it differs from other types of penetration tests. We cover the basic principles of penetration testing and a simplified model for pentesting methodology. It will highlight key aspects of a high-quality security review, where the penetration test plays a big part, and the importance for developers to embrace a hacker's mindset (and vice-versa).| securityblog.omegapoint.se
Website with the collection of all the cheat sheets of the project.| cheatsheetseries.owasp.org
OAuth 2.0| oauth.net