A Software-Defined Perimeter (SDP) is a security approach that restricts network access so only authorised users and devices can reach specific resources. It works by creating secure, temporary connections between users and the services they need, making the rest of the network invisible to outsiders. This method helps prevent unauthorised access and reduces the risk…
Category: Network Security
Zero Trust Network Access (ZTNA)
Zero Trust Network Access, or ZTNA, is a security approach that assumes no user or device should be trusted by default, even if they are inside the network. Instead, every request for access to resources is verified and authenticated, regardless of where it comes from. This helps protect sensitive information and systems from both external…
OAuth 2.1 Enhancements
OAuth 2.1 is an update to the OAuth 2.0 protocol, designed to make online authentication and authorisation safer and easier to implement. It simplifies how apps and services securely grant users access to resources without sharing passwords, by clarifying and consolidating security best practices. OAuth 2.1 removes outdated features, mandates the use of secure flows,…
Subresource Integrity (SRI)
Subresource Integrity (SRI) is a security feature that helps ensure files loaded from third-party sources, such as JavaScript libraries or stylesheets, have not been tampered with. It works by allowing website developers to provide a cryptographic hash of the file they expect to load. When the browser fetches the file, it checks the hash. If…
HTTP Security Headers
HTTP Security Headers are special instructions added to the responses sent by web servers to browsers. These headers tell browsers how to behave when handling website content, adding extra layers of protection against certain types of cyber attacks. By using these headers, websites can help prevent issues like cross-site scripting, clickjacking, and content sniffing, making…
Cross-Site Request Forgery (CSRF) Tokens
Cross-Site Request Forgery (CSRF) tokens are security features used to protect websites from unauthorised actions performed by malicious sites or scripts. They work by embedding a secret, unique token within each form or request sent by the user. When the server receives a request, it checks for a valid token, ensuring the action was genuinely…
Server-Side Request Forgery (SSRF)
Server-Side Request Forgery (SSRF) is a security vulnerability where an attacker tricks a server into making requests to unintended locations. This can allow attackers to access internal systems, sensitive data, or services that are not meant to be publicly available. SSRF often happens when a web application fetches a resource from a user-supplied URL without…
Format String Vulnerabilities
Format string vulnerabilities occur when a computer program allows user input to control the formatting of text output, often with functions that expect a specific format string. If the program does not properly check or restrict this input, attackers can use special formatting characters to read or write memory, potentially exposing sensitive information or causing…
Cache Timing Attacks
Cache timing attacks are a type of side-channel attack where an attacker tries to gain sensitive information by measuring how quickly data can be accessed from a computer’s memory cache. The attacker observes the time it takes for the system to perform certain operations and uses these measurements to infer secrets, such as cryptographic keys….
State Channel Networks
State channel networks are systems that allow parties to conduct many transactions off the main blockchain, only settling the final outcome on-chain. This approach reduces congestion and transaction fees, making frequent exchanges faster and cheaper. State channels are most often used for payments or games, where participants can interact privately and only broadcast a summary…