Enclave is presently engaged in leading a number of community driven information security efforts.
Some of the more popular projects Enclave personnel are leading are: the CIS Critical Security Controls, the Open Threat Taxonomy, the Audit Scripts Security Policy Library, Technical Security Audit Checklists, and Information Security Briefings.
This document is intended for anyone who develops websites or is interested in web security topics.
A background in HTML, JavaScript, and the Document Object Model (DOM) would be helpful for some of the more technical details.
I recently saw an internet meme going around that showed a sticker shaped like a cloud, and in the cloud were the words “The Cloud is just someone else’s computer.” Any company’s cloud solution is simply a series of data centers, geographically managed on the internet so that you find the one network-wise closest to you.
The idea that the cloud is someone else’s computer is exactly why many companies use federated sign-on services.
The configuration, setup and maintenance of federated single sign-on to the cloud require a significant amount of work. This measure of control is quite a discussion point when you are using “someone else’s computer”.
Once executed by the victim's browser, this code could then perform actions such as completely changing the behavior or appearance of the website, stealing private data, or performing actions on behalf of the user.
Don't worry, we'll show you what all this means, but before we dig deeper, let's take a look at some interactive examples to see how it works. This is a working demo application; so, you can interact with it--try searching for something.
You will learn the version of device a user is connecting from, the application they are using, the IP address of the originating client, the user name and more.
The “how to” for ADFS auditing, “Configuring ADFS Servers for Troubleshooting”, can be found in this TechNet link under the “Configuring ADFS Servers to Record Auditing of ADFS Events to the Security Log” heading.
XSS vulnerabilities most often happen when user input is incorporated into a web server's response (i.e., an HTML page) without proper escaping or validation. For your reference, we also included the App Engine source code--you can view the code by clicking on " on line 12.