Tag: Education

Mutual Transport Layer Security (mTLS) allows two parties to authenticate each other during the initial connection of an SSL/TLS handshake.


The term multi-cloud refers to a single organization using more than one public cloud service provider. The F5 State of Application Strategy Report noted that more and more organizations are using multi-clouds each year. But what does multi-cloud mean and what are the implications for security? Let’s start with the basics. What Is Cloud…


What Is Authorization?

Once a subject is authenticated, authorization (abbreviated as AuthZ) is the process of determining whether the given identity (for example, a user) is allowed to access the requested resource and, if so, what actions they are allowed to take. The goal is to give authenticated users access to the resources (such as…


Unpacking Zero Trust As A Concept

Since the term “zero trust” was coined in 1994 by Stephen Paul Marsh in his doctoral thesis, it’s gone through a lot of changes. So many, in fact, that security practitioners often find themselves with a mandate to implement it without a good understanding of how to do so.…


Introduction

Disclosures of breaches often include mention of a “web shell” to further attacker ends. As one example, the Clop ransomware group (also known as ‘Lace Tempest,’ TA505, and FIN11) has used web shells as part of their attack chains in both the Kiteworks Accellion FTA breach of 2020 and the plethora of breaches related…


Introduction

Once attackers have gained a foothold, perhaps by exploiting a remote code execution (RCE) vulnerability, leveraging a file upload, or some other tactic to gain execution on the target, they may end up using a web shell, as we described in a previous article. However, web shells are limited, and attackers may often want…
