Simple React authorization mechanism

Most applications need authentication mechanisms and authorization mechanisms. When the authentication mechanism confirms that some entities are legitimate users, the authorization mechanism will determine whether users are allowed to perform these operations according to their roles and permissions. In most cases, we usually do not need special

Published at 14:00, January 14, 2019
What is two-factor authentication (2FA)

Two-factor authentication (2FA), sometimes called two-step verification or dual-factor authentication, is a security verification process. In this authentication process, users need to provide two different authentication factors to prove their identity, so as to better protect user credentials and user access

Published on 2017/11/23 23:54
RFC 8446 (i.e. TLS 1.3) in detail

Over the past five years, the Internet Engineering Task Force (IETF), the standards body that defines Internet protocols, has been working on standardizing the latest version of Transport Layer Security (TLS), one of its most important security protocols. TLS is used to protect the web (also

Published at 14:12, August 21, 2018
Do you also use multiple browsers at the same time?

I am often asked which browsers I use, and my answer is that I will use them all. Although it sounds exaggerated, it is. I use multiple browsers all day long. I used to perform all operations in Firefox with my personal configuration, but later turned to using

Published at 15:37, May 8, 2018
Four security principles for software developers

Security is a subject that is often misunderstood by developers, because the vast majority of people focus on security technology rather than broader topics involving people, money, risk and business priorities. As a result, we often see that the problem is more complicated because of decision-making mistakes, and at the same time

Published on February 26, 2018 13:56
Four major network security trends in 2017

In terms of network security, the following situation is very certain: security practitioners are experiencing a busy year. The network attack in 2016 set a record, and the threat to the network environment in 2017 will be more serious. Here are four problems that need attention.

Published on 2017/05/21 21:47
Using DNSSEC and DNSCrypt in Debian Linux

Although there is an ongoing effort to eliminate insecure HTTP traffic, DNS is still essentially a network service that relies on unauthenticated plaintext. However, there are some efforts to fix this problem. This article is about using a Debian laptop to

Published on 2016/04/27 10:02
Measure the quality of SMTP STARTTLS deployment

At Yahoo, our users receive and send billions of emails every day. For our hundreds of millions of users around the world, we are committed to making Yahoo Mail easier to use, more personalized, and more secure. In order to meet the requirements of protecting user data, recently, our security team

Published on 2016/03/23 07:21
Why is cloud security part of software development

The slogan "No cloud, only other people's computers", accompanied by a worried cloud picture, has appeared for some time. It is too simplistic, but it just summarizes some computer users' distrust of cloud technology. It is inferred that those who trust the cloud

Published at 07:09, March 12, 2016
Android encryption tool for beginners

More and more hackers are eyeing mobile applications, increasing every day, because there are things that hackers are interested in, such as user data. Hard coded security key, personal information stored in clear text in SD card

Published at 10:50 on July 6, 2015
Recommend 7 excellent monitoring tools

What are the most useful monitoring tools for Java developers? Monitoring is a very important function in today's production environment. Errors and performance problems can occur at any time, not just during business hours, so a good monitoring tool needs to be available 24 hours a day, 7 days a week. There are some

Published at 18:03, June 30, 2015
Understand HTTPS protocol

Recently, we have seen that many websites use HTTPS protocol to provide web services. Usually, we see the HTTPS protocol in some sites that contain confidential information, such as banks. If you visit Google and check the address bar, you will see the following information we can see

Published on 2015/05/29 14:27
15 Methods to Prevent DDoS Attacks

In order to combat DDoS attacks, you need to have a clear understanding of what happens during the attack. In short, DDoS attacks can achieve their goals by exploiting vulnerabilities on the server or consuming resources (such as memory, hard disk, etc.) on the server

Published on 2015/05/12 07:36
Insecure direct object references: is your ASP.NET application data secure?

As an aviation engineer in X94, your boss asked you to retrieve a specific patent from the engineering drawing of Building 2. Unfortunately, entering the building requires you to show proof of your qualification to enter the building, and then you quickly show it to the security guard in the form of a badge

Published on March 12, 2015 at 18:57
Strengthen the SSL security of Nginx

This article shows you how to set up stronger SSL on the nginx web server. We do this by disabling SSL compression to mitigate the CRIME attack, by not using the vulnerable SSL v3 and earlier versions of the protocol, and we will set a stronger cipher suite to

Published on March 27, 2015 18:08
Why is HTTP sometimes better than HTTPS?

As a security company, we are often asked by developers about the best security practices on Stormpath. One of the frequently asked questions is: should I run HTTPS on the site? Unfortunately, searching the whole Internet, most of you

Published on 2015/04/03 07:54
HTTPS Only standard

The American people want government websites to be secure and their access to these websites to be private. The HTTPS protocol provides the strongest privacy protection available for public network connections with today's Internet technology. The use of HTTPS reduces users' ability to use government online services

Published on March 19, 2015 07:49
Security of Docker in the future

I wrote about Docker security on Opensource.com, and the only thing I want to explain is that "containers do not contain". One of the main goals of Red Hat and Docker is to ensure that this statement is not absolutely correct

Published on March 19, 2015 16:53
Linux DDoS malware distributed via SSH brute-force attacks

FireEye researchers detected that during an attack, a malicious attacker used the Secure Shell (SSH) brute force attack to install a DDoS attack malware on Linux and other types of systems. This is called XOR Malware of DDoS

Published at 14:11, February 11, 2015
Execute code on encrypted disk

As our mentor Tom Ptacek mentioned in his blog, disk encryption is "a mess about difficult transactions and messy compromises". Although this sounds very frustrating, it is very accurate - trying to encrypt an entire hard disk is full of restrictions

Published on 2014/12/09 07:37
