Detailed comparison of session-based and token-based authentication for enterprise SSO. Learn about scalability, security, and CIAM best practices.

Device code phishing abuses the OAuth device flow, and Google and Azure produce strikingly different attack surfaces. Register for Huntress Labs' Live Hack to learn about attack techniques, defensive ...

Application programming interfaces (APIs) are the connective tissue driving online business processes. Unfortunately, they have also become a common vector for cyberattacks, opening the floodgates for ...

A deep dive into implicit identity authentication methods for software development, covering oauth 2.0 flows, security risks, and modern alternatives for single-page applications.

ASP.NET Core offers a simplified hosting model, called minimal APIs, that allows us to build lightweight APIs with minimal dependencies. However, “minimal” doesn’t mean minimal security. Minimal APIs ...

The Internet Engineering Task Force (IETF) --the organization that develops and promotes Internet standards-- has approved three new standards this week designed to improve the security of ...

Today’s credential-based attacks are much more sophisticated. Whether it’s advanced phishing techniques, credential stuffing, or even credentials compromised through social engineering or breaches of ...

JFrog’s new Xray Secrets Detection uncovered active access tokens in popular open-source software registries including Docker, npm, and PyPI. Here are our findings and takeaways. As part of the ...