Brennenstuhl on Security Engineering
In this blog, I dive deep into the world of Web Application Security, discuss the latest techniques and best practices to secure your web applications from various threats. I’ll cover a range of topics such as password security, authentication and authorization, providing you with valuable insights to help you protect your applications. Additionally, I cover adjacent hot topics like the use of JSON Web Tokens (JWT) for secure transmission of data over the web. Stay tuned for regular updates and informative articles on web security engineering.
What is JWA? A Deep Dive into JSON Web Algorithms
The JSON Web Algorithms (JWA) standard provides definitions for several cryptographic algorithms. These algorithms enable a variety of purposes. In this article I'll introduce you to the essential ideas of JWA and outline how it helps to power e.g. OpenID Connect (OIDC).
Mastering JWKS: JSON Web Key Sets Explained
Implementing JSON Web Key Sets (JWKS) is crucial for organizations that want to leverage modern, decentralized authentication and authorization protocols. In this article I discuss the purpose of JWKS, guide you though their technical specification and outline benefits as well as best-practices to securely exposing public key material.
JWE Token: An In-depth Exploration into JSON Web Encryption Standards
Have you ever wondered about the intricacies of JSON Web Encryption Standards? Get ready to decode the enigma with this deep dive into JWE Tokens. Gain insightful knowledge and grasp common data security use cases.
JWT vs OAuth 2.0: Understanding the Key Differences
The interplay of tokens and protocols has fundamentally transformed how we authenticate, authorize, and securely communicate data over the Internet. Two important players in this realm are JSON Web Tokens (JWT) and OAuth 2.0. Though they serve different purposes, there's often confusion about their functionalities and application. How do they differ? Can one replace the other?
What is Whaling Cyber Awareness? Prevention Tips & Training
In this comprehensive guide I talk about key concepts of cybersecurity awareness training and defensive measures in context of whale phishing. Learn how AI and ML can support whaling prevention and understand why knowledge is our strongest weapon, and vigilance our constant ally.
Whaling Phishing: Definition and Prevention Strategies
Dive deep into the ocean of cyber security, exploring the insidious technique of whaling. Discover why understanding whaling in cyber security can make all the difference in safeguarding your organization from these crafty predators of the digital sea.