Owasp

How to reset Two-Factor WebAuth

What will I cover in this post? In my previous post I have described Two-Factor Authentication with WebAuth. But what should you do when a user replaces WebAuthn device? In this post, we will learn how to reset WebAuthn for a specific user. In addition, we will see how to revert the WebAuthn configuration for all users. Reset WebAuthn for a specific user If a user replaces WebAuthn device he /she will not be able to login and will see the following error:

Two-Factor Authentication with Keycloak WebAuth

What will I cover in this post? We will learn how to configure Two-Factor Authentication with Keycloak WebAuth. In this post, I plan on: Explaining what is WebAuth Explaining how to configure WebAuth in Keycloak What is WebAuth? WebAuthn is the standard recommended by FIDO Alliance and W3C. WebAuthn defines a standard web API that gives users new methods to securely authenticate. It can be incorporated into browsers and related web platform infrastructure, in the browser, across multiple sites, and on numerous device types.

Preventing OWASP A4 XML External Entities (XXE) in a better way

XML External Entities (XXE) is a dangerous vulnerability, currently ranked fourth (A4) in the OWASP Top Ten. Resolving this vulnerability should be a high priority for all Java developers. In this presentation, presented by Anat Mazar (https://www.linkedin.com/in/anat-mazar/) and Michael Furman (https://www.linkedin.com/in/furmanmichael/) on the OWASP meetup we will Demonstrate why XXE is so dangerous Show you how this vulnerability is typically resolved – in each and every place in the code that you parse an XML file Show you the better resolution – set a couple of system Java system properties once, and never worry about XXE again.