Blog

(Cloud)Flare Up: What You Need to Know about Ticketbleed

Date posted: March 2, 2017

As you’ve likely seen, last month Cloudflare engineer and crypto expert Filippo Valsorda discovered a software bug in F5 appliances. Named “Ticketbleed” because it leaks SSL session identities, much like the famed Heartbleed, the vulnerability sits in the Transport Layer Security (TLS) stack of certain F5 products and allows a remote attacker to extract up to 31 bytes of uninitialized memory at a time. F5 has since issued a patch for the vulnerability, cataloged as CVE-2016-9244, but we decided to take a closer look.

How to Build a Secure OAuth Solution in Less Than 5 Minutes

Date posted: December 8, 2016

In our last post, Protecting Against OAuth Hacks, our CTO, Jason Macy, discussed the latest reported OAuth 2.0 hack, “One OAuth 2.0 hack, 1 Billion Android App Accounts potentially exposed”. In the post, we discussed how the Forum Sentry API Security Gateway implements OAuth end-to-end and is not vulnerable to this recently reported vulnerability.

Protecting Against OAuth Hacks

Date posted: November 18, 2016

In this latest reported OAuth 2.0 hack, entitled “One OAuth 2.0 hack, 1 Billion Android App Accounts potentially exposed”, it has been discovered that:

“…A remote simple hack devised by a group of security researchers threatens an amazing number of Android and iOS apps. An attacker can use the technique to sign into any victim’s mobile app account without any knowledge of the legitimate user…”


Why API Management Caught Google’s Eye

Date posted: October 27, 2016

Anytime one of the world’s largest and most innovative brands puts more than a half-billion dollars into an M&A deal, the market sits up and takes notice. But, when the deal involves one of the key players in the API Management space, well, it takes on an added significance.

It has been a little more than a month since Apigee announced its acquisition by Google for $625 million. What does the event mean to the broader industry – for us here at Forum Systems?


SAML SSO 5 Security Check Points

Date posted: August 1, 2016

Security Assertion Markup Language, or SAML, provides numerous benefits to enterprises, organizations and governments. One of its greatest assets is Single Sign-On (SSO), the ability to enable users to securely access multiple applications with a single set of credentials, entered once. With SAML, users and organizations can conduct business faster and more efficiently by seamlessly accessing multiple applications on the same domain or on multiple domains.


 


Establishing Identity Federation: Combining Identity With Data Security

Date posted: July 7, 2016

Identity Federation – Internal and External Services, Internal and External Users

Establishing an identity and trust solution among computing systems in a network ecosystem is not new to information technology. What is new is the multiple factors enterprises must consider when implementing a seamless solution that leverages access not only to existing identity repositories and legacy systems but also to the more and more services moving to the cloud.

Implementing Identity and Access Control? Don’t Forget the Data!

Date posted: May 19, 2016

Last week’s European Identity and Cloud conference (EIC), hosted by KuppingerCole in Munich, Germany, proved to be the start of a week full of conversations focusing on the questions and challenges surrounding identity. Conversations around terms and phrases such as “Centralized Identity”, “Hybrid-Cloud” and the latest hot topic of “Blockchain” filled the hall and exhibition center, but the one conversation binding them all was “Security”: more specifically, how to secure the actual data that identities are communicating without complicating the business process.