Like other cloud services, Azure is a prime target for attackers. This is due to its growing popularity and strategic importance for businesses.
To reduce the risk of security breaches, it is essential to implement robust security measures. It is also important to understand the types of attack and assess their potential impact.
Cloudflare has established itself as a key player on the web in recent years, offering not only CDN services, but also protection against various attacks. However, for these protections to be fully effective, it is essential that the server is correctly configured.
Indeed, it is crucial to prevent attackers from gaining direct access to the servers hosting web applications. To do this, users must go through Cloudflare, which will redirect traffic to the server according to the specific rules defined by the client.
Whatever the web application, it is common practice to allow users to change their email address. This functionality is critical because it has a direct impact on account management. Furthermore, the email address is often used as an identifier for authentication. It is therefore essential to secure this functionality.
There are several different situations. In some cases, the application allows users to change their own email address. In other cases, an administrator can change users’ email addresses. Sometimes, both options are possible.
IoT security is a key issue for organisations. In all sectors and areas of activity (healthcare, industry, services, transport, energy, etc.), the IoT brings development and growth.
There are currently an estimated 15 billion IoT objects in use worldwide. This number could double by 2030. However, this proliferation of connected objects brings with it new challenges, particularly in terms of security.
With cyberattacks on the rise, carrying out an IT security audit has never been a higher priority for businesses.
Web applications, mobile apps, APIs, cloud infrastructures, connected objects, networks and people – nothing is spared. As a result, security audits have become an essential tool for all types of business. Whether technical audits, organisational security audits or compliance audits, there are numerous solutions for securing an information system and countering risks.
We can’t talk about social engineering without mentioning phishing. Similarly, email is essential when it comes to phishing. Although there are other social engineering techniques, such as vishing, and multiple phishing vectors, such as SMS (smishing), email remains the preferred tool of attackers.
In this article, we will present three tools commonly used to carry out phishing campaigns: Gophish, Evilginx and Evilgophish.
Secure identity and access management has become a key challenge for organisations. Among the solutions available, Security Assertion Markup Language (SAML) has become an essential standard for single sign-on (SSO).
This XML-based protocol enables users to authenticate once and access multiple applications without having to log in again, simplifying the user experience. However, if it is poorly implemented, critical vulnerabilities can be exploited.
Developed in 2012 and made open source in 2015 by Facebook, GraphQL (Graph Query Language) has been under the umbrella of the GraphQL Foundation since 2019.
GraphQL is a query language, i.e. a language used to access data in a database or any other information system, in the same way as SQL (Structured Query Language).
Authentication and, by extension, user identification are central to web applications.
These two mechanisms are used to manage rights and access (for example, between an administrator and a standard user), to partition data between different accounts, to identify different users, etc.