/Security

Implementation Challenges Of A Homegrown SCIM Solution

tl;dr: SCIM provisioning is a table stakes feature that nearly every enterprise customer requests. It enables secure and automated user lifecycle management, allowing users to be seamlessly onboarded and offboarded from applications. But building SCIM in-house is incredibly complex. There is a ton of fragmentation you have to deal with because each identity provider (Okta, Azure, etc.) has different ways of interpreting the SCIM protocol.

featured in #548

Securing Applications in the Age of AI: New Threats, New Strategies

- Reed McGinley-Stempel tl;dr: As artificial intelligence reshapes application security, new threats emerge alongside innovative protective strategies. Reed explores the challenges posed by AI-driven attacks and offers proactive measures to strengthen your security framework, empowering you to safeguard applications while maximizing AI's potential for resilience.

featured in #547

Frontend Security Checklist

- Trevor Indrek Lasn tl;dr: This article explains the common vulnerabilities and provides practical solutions with code examples. Trevor-Indrek discusses: (1) Cross-Site Scripting (XSS). (2) Content Security Policy Headers. (3) Cross-Site Request Forgery. (4) Insecure Direct Object References. (5) Environment Variables. 

featured in #541

PII Redaction: Protect Sensitive Information

tl;dr: Identify and remove personal data such as addresses, phone numbers, and credit card details from your transcripts. Now available in 47 additional languages.

featured in #538

Just Disconnect The Internet

- Jesse Crawford tl;dr: “The idea that computer systems just "shouldn't be connected to the internet," for security or reliability purposes, is a really common one. It's got a lot of appeal to it! But there's not really that many environments where it's done. In this unusually applied and present-era article, I want to talk a little about the real considerations around "just not connecting it to the internet," and why I wish people wouldn't bring it up if they aren't ready for some serious considerations.”

featured in #538

What is Fingerprint Browsing And How Does It Work?

- Evelyn Chea tl;dr: Cookies are great, but they aren’t reliable. That's where browser fingerprinting comes in. Visitor identification captures details like browser type, operating system, and screen resolution using advanced techniques like canvas and WebGL fingerprinting to create a unique digital fingerprint for each visitor. It goes beyond traditional cookies, offering enhanced security, fraud detection, and personalized user experiences. 

featured in #532

Proactive Measures Against Password Breaches And Cookie Hijacking

- Nathan Lehotsky Ryan Persaud tl;dr: “Slack’s strategy has always been to anticipate and mitigate threats before they can impact our users. We have been continuously scanning the internet using regular expressions tailored to the specifics of our tokens and webhooks to find any that are publicly accessible. Oftentimes these secrets get inadvertently exposed when they get hard-coded into development code and then published somewhere like GitHub. Since these secrets provide varying levels of access to a user’s workspace, our tooling automatically and immediately invalidates tokens and webhooks upon discovery and notifies their respective owners.”

featured in #528

Catching Compromised Cookies

tl;dr: “Slack workspaces contain sensitive data and can be an attractive target for attackers. Consider the situation where a threat actor phishes a user and manages to install malware on their device. The malware could then steal cookies, which are stored in the device’s browser, and replay those cookies to impersonate the user. To take a real world example, imagine you left your house key under the mat and someone managed to discover it, clone it, and put it back so you had no idea. One way to reduce the risk of a copied key is to change your locks regularly. If you do that, a thief would have only a limited window of time to use the key they copied.”

featured in #526

How to Avoid Breached Passwords

tl;dr: Cyber attackers have many ways to infiltrate your systems. Proper password protocols could help, but ensuring users follow them is difficult. Breaches can lead to costly lawsuits and damage reputations. Compromised passwords can also be reused to access user accounts. This tech paper explores the issue, offers solutions, and provides strategies to protect users and organizations.

featured in #520

What Is SCIM Provisioning And Why Is It Important In An Enterprise Roadmap?

tl;dr: Signups are great, but your product only grows when your customers actually use it. Adding Directory Sync to your app can help improve activation rates and land those larger enterprise deals. Like SSO and SAML, implementing Directory Sync is full of archaic standards, versioning nightmares, and manual integrations; it can be a lot to handle. This Developer's Guide will walk you through everything about Directory Sync: what it is, why it’s important, protocols like SCIM, and how to build it into your product.

featured in #516