Security

How to Avoid Breached Passwords

tl;dr: Cyber attackers have many ways to infiltrate your systems. Proper password protocols could help, but ensuring users follow them is difficult. Breaches can lead to costly lawsuits and damage reputations. Compromised passwords can also be reused to access user accounts. This tech paper explores the issue, offers solutions, and provides strategies to protect users and organizations.

featured in #520


What Is SCIM Provisioning And Why Is It Important In An Enterprise Roadmap?

tl;dr: Signups are great, but your product only grows when your customers actually use it. Adding Directory Sync to your app can help improve activation rates and land those larger enterprise deals. Like SSO and SAML, implementing Directory Sync is full of archaic standards, versioning nightmares, and manual integrations; it can be a lot to handle. This Developer's Guide will walk you through everything about Directory Sync: what it is, why it’s important, protocols like SCIM, and how to build it into your product.

featured in #516


How To Enforce Stronger Customer Passwords

By Paul Asjes

tl;dr: A common cause of data breaches and account hijacking is customers using weak or common passwords. To solve this problem, Dropbox created zxcvbn, an open-source library that calculates password strength based on factors like entropy, dictionary checks, and pattern recognition. If you want an easy way to implement user password security in your app, check out AuthKit, an open-source login box that incorporates zxcvbn and other best practices to provide a much more secure onboarding experience for new users.

featured in #514


Stealing Your Telegram Account In 10 Seconds Flat

tl;dr: “This attack is incredibly easy to pull off even for a low-skill attacker. Assuming some higher forces have already set up a custom domain for you, all you need to know is how to tap on a link and add a letter onto the URL bar. You don’t need any specialized tools, you don’t need to know anything about the target, you don’t even need a phone.”

featured in #512


Why Passkeys Matter

tl;dr: Passwords are a massive security risk, with billions exposed yearly due to poor practices. Passkeys offer a promising passwordless solution that enhances security and user experience through biometrics and cryptography, eliminating complex credentials. With major tech companies embracing passkeys, widespread adoption could revolutionize online security and user authentication.

featured in #509


What We Know About The xz Utils Backdoor That Almost Infected The World

By Dan Goodin

tl;dr: “A lone Microsoft developer rocked the world when he revealed a backdoor had been intentionally planted in xz Utils, an open source data compression utility available on almost all installations of Linux and other Unix-like operating systems. The person or people behind this project likely spent years on it. They were likely very close to seeing the backdoor update merged into Debian and Red Hat, the two biggest distributions of Linux, when an eagle-eyed software developer spotted something fishy.”

featured in #503


Are You Ready For PCI DSS 4.0?

By Robert Curlee

tl;dr: If your organization handles or processes card payment data, an important milestone is upon you with the coming retirement of PCI DSS 3.2.1 and the subsequent adoption of the new PCI DSS 4.0 standard. SonarQube can help you prepare for the new PCI DSS 4.0 requirements by identifying vulnerabilities, automating standards enforcement, conducting regular code reviews, and training developers on secure coding practices.

featured in #498


Why Passkeys Improve User Security & How to Implement Them

tl;dr: Passwords are a headache for users and a security risk for organizations. Passkeys, a cutting-edge solution rooted in public key cryptography, are poised to revolutionize authentication, improving security and usability for all. This paper talks about how they work and how to implement them into your ecosystem.

featured in #487


Keep Your Secrets From Leaking

By Alexandre Gigleux

tl;dr: Secrets in your source code, when leaked, expose you to a security vulnerability due to illicit access to your private data. Sonar can find secrets in source code in your IDE using SonarLint and also detect them in your CI/CD pipeline using SonarQube and SonarCloud.

featured in #484


Keep Your Secrets From Leaking With Sonar

By Alexandre Gigleux

tl;dr: Secrets in your source code, when leaked, expose you to a security vulnerability due to illicit access to your private data. Sonar can find secrets in source code in your IDE using SonarLint and also detect them in your CI/CD pipeline using SonarQube and SonarCloud.

featured in #483