When it comes to digital certificates, the Subject Alternative Name (SAN) extension plays a crucial role in how modern systems authenticate and communicate securely. Although the Common Name (CN) field traditionally carried the hostname of a server, today it’s the SAN extension that browsers and applications actually pay attention to. In fact, industry standards have…
Category: access_control
IAM vs PAM vs IGA – what is the difference?
Identity security is now a cornerstone of enterprise cyber defence, particularly in the UK where regulatory pressure and threat levels continue to rise. Security teams often hear three related but distinct terms: IAM (Identity and Access Management), PAM (Privileged Access Management), and IGA (Identity Governance and Administration). While they overlap, each addresses different layers of…
Refresh JWTs are subject to compromise
Refresh JSON Web Tokens (JWTs) are a crucial part of maintaining user authentication sessions without requiring frequent logins. However, if not implemented securely, refresh tokens can become a major security risk. Here are some common ways refresh JWTs can be compromised: 1. Token Theft via Storage Vulnerabilities Storing refresh tokens improperly is one of the…
IP Spoofing
IP spoofing is a cyberattack technique in which an attacker manipulates the source IP address in network packets to appear as though they are coming from a trusted source. This deceptive practice allows attackers to bypass security measures, launch denial-of-service (DoS) attacks, and intercept sensitive communications. The objective of IP spoofing is often to initiate…
JWT
JSON Web token (JWT) is an open standard (RFC-7519) that defines a compact self-contained way for securely transmitting information between parties as a JSON object. The format is intended for use in space constrained environments, such as HTTP authorization headers and URI query parameters. JWTs encode claims transmitted as JSON objects contained as a payload…
MIC Solutions 