Role-Based Access Control (RBAC) is a method for managing user permissions within a system by assigning roles to users. Each role comes with a set of permissions that determine what actions a user can perform or what information they can access. This approach makes it easier to manage large groups of users and ensures that…
Category: Cybersecurity
Privileged Access Management
Privileged Access Management, or PAM, is a set of tools and practices used by organisations to control and monitor who can access important systems and sensitive information. It ensures that only authorised individuals have elevated permissions to perform critical tasks, such as changing system settings or accessing confidential data. By managing these special permissions, businesses…
Credential Rotation Policies
Credential rotation policies are rules and procedures that require passwords, keys, or other access credentials to be changed regularly. This helps reduce the risk of unauthorised access if a credential is compromised. By updating credentials on a set schedule, organisations can limit the damage caused by leaked or stolen credentials.
Secure Token Storage
Secure token storage refers to the safe handling and saving of digital tokens, such as authentication tokens, session tokens, or API keys, to protect them from unauthorised access. These tokens often grant access to sensitive systems or data, so storing them securely is crucial to prevent security breaches. Best practices include using encrypted storage areas,…
JSON Web Tokens (JWT)
JSON Web Tokens (JWT) are a compact and self-contained way to transmit information securely between parties as a JSON object. They are commonly used for authentication and authorisation in web applications, allowing servers to verify the identity of users and ensure they have permission to access certain resources. The information inside a JWT is digitally…
OpenID Connect
OpenID Connect is a simple identity layer built on top of the OAuth 2.0 protocol. It allows users to use a single set of login details to access multiple websites and applications, providing a secure and convenient way to prove who they are. This system helps websites and apps avoid managing passwords directly, instead relying…
OAuth 2.1 Enhancements
OAuth 2.1 is an update to the OAuth 2.0 protocol, designed to make online authentication and authorisation safer and easier to implement. It simplifies how apps and services securely grant users access to resources without sharing passwords, by clarifying and consolidating security best practices. OAuth 2.1 removes outdated features, mandates the use of secure flows,…
Session Token Rotation
Session token rotation is a security practice where session tokens, which are used to keep users logged in to a website or app, are regularly replaced with new ones. This reduces the risk that someone could steal and misuse a session token if it is intercepted or leaked. By rotating tokens, systems limit the time…
Secure Cookie Attributes
Secure cookie attributes are special settings added to cookies to help protect users and their data when browsing websites. These attributes control how and when cookies are sent by browsers, reducing the risk of sensitive information being exposed or stolen. Common secure attributes include Secure, HttpOnly, and SameSite, each serving a different purpose to improve…
Subresource Integrity (SRI)
Subresource Integrity (SRI) is a security feature that helps ensure files loaded from third-party sources, such as JavaScript libraries or stylesheets, have not been tampered with. It works by allowing website developers to provide a cryptographic hash of the file they expect to load. When the browser fetches the file, it checks the hash. If…