What will I cover in this post? In my previous post I have described Two-Factor Authentication with WebAuth. But what should you do when a user replaces WebAuthn device? In this post, we will learn how to reset WebAuthn for a specific user. In addition, we will see how to revert the WebAuthn configuration for all users. Reset WebAuthn for a specific user If a user replaces WebAuthn device he /she will not be able to login and will see the following error:
What will I cover in this post? We will learn how to configure Two-Factor Authentication with Keycloak WebAuth. In this post, I plan on: Explaining what is WebAuth Explaining how to configure WebAuth in Keycloak Do not forget to follow me on Twitter What is WebAuth? WebAuthn is the standard recommended by FIDO Alliance and W3C. WebAuthn defines a standard web API that gives users new methods to securely authenticate.
XML External Entities (XXE) is a dangerous vulnerability, currently ranked fourth (A4) in the OWASP Top Ten. Resolving this vulnerability should be a high priority for all Java developers. In this presentation, presented by Anat Mazar (https://www.linkedin.com/in/anat-mazar/) and Michael Furman (https://www.linkedin.com/in/furmanmichael/) on the OWASP meetup we will Demonstrate why XXE is so dangerous Show you how this vulnerability is typically resolved – in each and every place in the code that you parse an XML file Show you the better resolution – set a couple of system Java system properties once, and never worry about XXE again.
My SameSite Cookies podcast at the Application Security Podcast - Security Journey Podcasts. Learn about SameSite cookies, the threats they counter, and how SameSite + the Synchronizer Token Pattern work together to counter CSRF. .
My presentation at OWASP Chapters All Day The video is published here. How SameSite Cookies Are Making the World a Safer Place from Michael Furman
My short presentation at Write the Docs Meetup It shows top 3 tips how to create security documentation. The video is published here. Top 3 tips for security documentation from Michael Furman
My presentation at SecSessions - Cybersecurity Meetup The video is published here. OWASP Top Ten 2017 from Michael Furman
My presentation at Java.IL - the Israeli Java Community meetup. OWASP A4 XML External Entities (XXE) from Michael Furman
My presentation at OWASP Appsec IL 2018 The video is published here. Passwords are passé. WebAuthn is simpler, stronger and ready to go from Michael Furman