When building a modern website, a developer needs to pay attention to many things. One of those is security; it always should be placed at the top of the priority list. And the best way to protect site bytes and user input while they’re traveling between a browser and web servers is Transport Layer Security (TLS a.k.a. SSL). If you want to learn how TLS can be implemented in Sitecore, you don’t need to search further. Let’s start…
Posts Tagged ‘security’
Panel Discussions: Do This, Not That
About a month ago I attended a local infosec panel discussion (Detect and Defend, hosted by the St. Louis Business Journal). I’ve seen a lot of panel discussions, and I’ve even been a panelist from time to time, but none of those events were as particularly engaging as this one. All of the panelists seemed […]
4 Major Threats In Financial Services This Year
Every industry experiences cybercrime, but possibly none more than the financial services space, with an average annualized cost of $13.5 million. In last month’s newsletter, the Financial Services Information Sharing and Analysis Center (FS-ISAC) shared several threats to look out for in 2016. While most are not new, the number of occurrences continues to […]
IBM InterConnect 2016 Opening General Session Day 2
The energetic day 2 general session at IBM InterConnect 2016 focused on IT transformation. The session discussed factors and real-life examples of how a company’s culture and IT have transformed and must transform. Some of the key messaging included data, security, APIs, cloud and application integration. Speakers included: Caleb Barlow, IBM VP WW Portfolio Marketing, IBM Security Harriet […]
InterConnect 2016: Staying Secure in the Cloud with SaaS
Security in the cloud is a critical concern of every customer who leverages cloud offerings. IBM InterConnect 2016 had a very informative session with great speakers, Staying Secure in the Cloud with SaaS. The following IBM leaders presented: David Cass, Chief Information Security Officer, IBM Cloud Nathan Reid, Director, Cloud Engineering, IBM Analytics Dave Durazzano, […]
Mobile Banking Outperforming Online Banking By A Longshot
Dislike being asked for your name, account number, and password every time you call the bank? Well, times are a-changin’. Banks are turning to mobile technology for help more than ever before. Bank of America is leveraging thumbprint verification technology that enables customers to automatically be identified, as well as carry out their banking […]
4 Security Takeaways From The FBI
As IT consultants, we’re pretty sure that we’re smart enough to recognize phishing attacks against us. We all get emails asking us to open invoices, confirm our bank account information, or perform other actions designed to separate us from our credentials and our money. But according to a consultant specializing in penetration testing, 40% of us will still […]
FDA Warning Letter For Shared Passwords (And Other Offenses)
On December 17, 2015, the FDA issued a warning letter to Sun Pharmaceuticals Industries Ltd. in Gujarat, India. Sun Pharma’s website boasts that it is the “World’s 5th Largest Specialty Generic Pharmaceutical Company” with over 2,000 products in more than 150 markets across the globe. When an organization that large winds up with a […]
The Year in Review | Top 10 Financial Services Posts of 2015
There was a lot to talk about in 2015, but our most popular posts centered around compliance, security and risk management. Here are your favorite posts of the year: Ten | How to drive the most value from your compliance investments Compliance is a strategic imperative for financial services organizations. This post discussed how […]
Google Search for Work 101: Guide to Security
Well, I am probably going to kick myself for trying to do this, but I have finally decided to write an overview of Google Search Appliance security. I realize this is a bit like trying to write an article on how the Internet works – the topic is broad, it has been covered by many people […]
Azure Active Directory Reporting APIs Now Available
One of the most common things we hear from our clients is their need to automatically access security related reports from Azure AD. With last week’s announcement from Microsoft about AAD Reporting APIs Public Preview, we now have that capability. Azure AD already has a robust set of activity, security and audit reports, with some […]
API Security: Common Threats and Considerations
Common API Threats: spoofing, tampering, repudiation, denial of service, unauthorized access, confidentiality violation. API Security Considerations: Identification – Know Your Consumer. The common approach to implementing this is using API keys, which are nothing but randomly generated values that will vary for each consumer. Authentication – Is Consumer Authentic. User-Password over SSL/TLS: the API consumer will be providing a user […]