<?xml version="1.0"?>
<rss version="2.0">
   <channel>
      <title>SC Magazine Discussion by Dr MJ Frederick</title>
      <link>https://padlet.com/mj_frederick/8miica9mqey1</link>
      <description>Application Security</description>
      <language>en-us</language>
      <pubDate>2017-09-30 21:01:16 UTC</pubDate>
      <lastBuildDate>2018-11-28 03:40:24 UTC</lastBuildDate>
      <webMaster>hello@padlet.com</webMaster>
      <image>
         <url></url>
      </image>
      <item>
         <title>SC- Application Security - Jessie Reddish (Group4)</title>
         <author>jessie_reddish</author>
         <link>https://padlet.com/mj_frederick/8miica9mqey1/wish/306592716</link>
         <description><![CDATA[<div><a href="https://www.scmagazine.com/home/security-news/report-reveals-struggles-of-smbs-navigating-cyber-threat-landscape/">https://www.scmagazine.com/home/security-news/report-reveals-struggles-of-smbs-navigating-cyber-threat-landscape/</a><br><strong>Report reveals struggles of SMBs navigating cyber threat landscape - </strong>47% of small/medium businesses have no understanding of how to defend their companies against attacks. A lack of resources, training, and personnel is the leading cause of a company's data breach. SMBs are losing the battle to high-tech attacks and will need to make a serious investment in cyber security to shore up their data protection.</div>]]></description>
         <enclosure url="" />
         <pubDate>2018-11-21 03:05:23 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/8miica9mqey1/wish/306592716</guid>
      </item>
      <item>
         <title>Group 6</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/8miica9mqey1/wish/308100653</link>
         <description><![CDATA[<div>With the latest Facebook breach, Keith Casey from Okta API Problem Solver brings steps for mitigating challenges for organizations. <br>1. Require MFA at the IDP level<br>2. Require MFA Before Linking Accounts<br>3. Zero Trust for Social Authentication<br>4. The Real Problem: Don’t Allow Impersonation<br>No matter the IDP (Identity Provider), it should be standard practice to have a second authentication factor. The same should be needed before linking accounts. Things like resetting passwords, transferring money or booking hotels, etc. should require reauthentication or additional factors to confirm the user's approval or identity to mitigate fraud, support issues and brand damage, no matter the inconvenience. Impersonation seems beneficial to organizations, but it comes with some potential drawbacks that could leave your system vulnerable, so it’s better to not allow impersonation because the small advantages it gives aren’t worth the risks.</div>]]></description>
         <enclosure url="https://www.scmagazine.com/home/security-news/using-social-auth-with-your-app-4-steps-to-protect-your-users-and-mitigate-security-concerns/" />
         <pubDate>2018-11-27 02:44:19 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/8miica9mqey1/wish/308100653</guid>
      </item>
      <item>
         <title>Group 5</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/8miica9mqey1/wish/308460913</link>
         <description><![CDATA[<div><a href="https://www.scmagazine.com/home/security-news/companies-customers-will-avoid-you-after-a-breach-survey-says/">https://www.scmagazine.com/home/security-news/companies-customers-will-avoid-you-after-a-breach-survey-says/</a><br><br>Our group chose this article because it stood out as unique in the way it addressed application security. Instead of focusing on the technical side of things, this article explains the negative impact that lax or compromised app security can have on a business. Lost revenue and decreased faith from customers can break an entity.</div>]]></description>
         <enclosure url="" />
         <pubDate>2018-11-27 18:46:34 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/8miica9mqey1/wish/308460913</guid>
      </item>
      <item>
         <title>Group 7</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/8miica9mqey1/wish/308554616</link>
         <description><![CDATA[<div>Back in May of this year, a bug was identified within Facebook's search page that potentially allowed attackers to monitor search queries of users, as well as capture other information. According to the article, the search end point was not CSRF protected and had other flaws. This would have allowed users to be tricked into clicking into a malicious website that revealed numerical data related to their accounts, such as number of friends, etc. On the 13th, Facebook announced that the bug had been closed thanks in part to their bug bounty program. This article shows the importance of constant vigilance and safeguarding personal info even on websites that are believed to be safe or trusted. In addition, this shows that security flaws are important to actively monitor for in all applications as user data is constantly at risk from attackers.<br><br><a href="https://www.scmagazine.com/home/security-news/facebook-reportedly-fixes-search-bug-that-could-have-threatened-user-privacy/">https://www.scmagazine.com/home/security-news/facebook-reportedly-fixes-search-bug-that-could-have-threatened-user-privacy/</a></div>]]></description>
         <enclosure url="" />
         <pubDate>2018-11-27 21:50:08 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/8miica9mqey1/wish/308554616</guid>
      </item>
      <item>
         <title>Group 8 (Mark Deel, Jonathan Pintos, Rachel Hale, and Long Phan)</title>
         <author>mark_deel</author>
         <link>https://padlet.com/mj_frederick/8miica9mqey1/wish/308582618</link>
         <description><![CDATA[<div>In this case, the interception of an authentication token leads to unhindered access to a large amount of personal information as well as access to customers' devices.</div>]]></description>
         <enclosure url="https://www.scmagazine.com/home/security-news/drone-vulnerability-could-compromise-enterprise-data/" />
         <pubDate>2018-11-27 23:48:56 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/8miica9mqey1/wish/308582618</guid>
      </item>
      <item>
         <title>Group 4 (Jesse, Peter, Pitou)</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/8miica9mqey1/wish/308607523</link>
         <description><![CDATA[<div>This is a very recent webcast that we found good enough to share. This session looks at the current state of application security and why treating the application seriously makes sense.</div>]]></description>
         <enclosure url="https://www.scmagazine.com/webcast/application-security/" />
         <pubDate>2018-11-28 02:03:52 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/8miica9mqey1/wish/308607523</guid>
      </item>
      <item>
         <title>(Group 3) Megan McDowell, David Carman, Jessie Spires: Forensics was run on an enterprise breach to find that initial access was made through a web server to a database server through a roundabout route where the data thefts occurred, where accesses were amplified via malware targeting “low-hanging fruit.” It should be warned that when web applications used as front-ends for databases are used, they become vulnerable to simple attacks such as SQL Injection. The tech went on the internet and mocked such injection, finding his way into the server and to sensitive information as a test. He warns that even if attacks are simple, defenses should not fail to be complex to protect from multiple variants of such attacks.</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/8miica9mqey1/wish/308621842</link>
         <description><![CDATA[]]></description>
         <enclosure url="https://www.scmagazine.com/home/other/research/application-security/" />
         <pubDate>2018-11-28 03:39:08 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/8miica9mqey1/wish/308621842</guid>
      </item>
   </channel>
</rss>
