Category: Security

Password security standards

Some time ago I was looking for the current password security standards to design a good and safe solution according to today's recommendations. I was very surprised that some of them are in conflict with each other. That's why I decided to prepare a short summary of password security standards from the most popular global standards. The following standards are presented: OWASP, OWASP ASVS, NIST, PCI-DSS and ISO 27001, with my comments. OWASP: Do not truncate passwords. Make…

Secure way to create a change email process

Some time ago I faced a challenge to design a secure method for the change email process in our authentication service. Every system has users and usually uses the email address as the login to the system. Moreover, systems use the email address for the purpose of communication with the end user. Even if we had an artificial login name in the system, we should still care about the way we communicate with the user. Additionally, systems use the email address for forget…

Which knowledge management tools should we use?

A knowledge base is the most basic tool for managing information. One of the knowledge management principles mentioned earlier is storing and sharing, and a knowledge base satisfies both. There are many mature software tools for managing one, and the biggest is known by almost everybody: Wikipedia is probably the largest open knowledge management tool on the internet. You can use a custom library to configure your own wiki web site. It is very important to structure the knowledge in this repository according to the organization's needs.

Active protection of a web application – AppSensor

In the previous post I described what the AppSensor mechanism is. I would now like to present in more detail how it works and how it allows a web application to be protected.

OWASP AppSensor – description of the mechanism

Source: OWASP. OWASP (Open Web Application Security Project) is a non-profit organization whose aim is to analyze issues related to application security and to develop solutions that are useful both for organizations and for individual software developers. The organization operates openly, and all of its materials are free and publicly available. It is also not tied to any software vendor, which allows it to remain independent in this area. Its main driving force is a community of people interested in the topic of security. They create tools that support securing and testing…