How to Guard Against Mobile App Deep Link Abuse

Mobile app developers often use deep links to improve the user experience and engagement by helping users navigate from the web to their app. However, our security testing has found an easily exploitable vulnerability when deep links are used incorrectly for authorization purposes. This blog will explain how this vulnerability can be exploited and how to safeguard your app by using the more secure version of deep links, App Links.

Deep Links Overview

Deep links are URLs that take users directly to specific content in an app. They can be set up by adding a data specification (URI) inside an Intent Filter. Whenever a user clicks a URL (either in a webview, in an app, or in a web browser in general) that matches the URI specified inside the intent filter, she will be taken to the activity that handles it. Below is an example that shows how to add a deep link that points to your activity in the AndroidManifest.xml file:

Spring Security 5 Form Login With Database Provider

Spring Security is a framework that focuses on providing both authentication and authorization to Java applications. It is one of the most powerful and highly customizable authentication and access control frameworks in the Java ecosystem.

This article is going to focus on Spring Security Form Login which is one of the most necessary parts of web applications. The example I am presenting here is a part of pdf (Programming Discussion Forum), a web application built with Spring 5, Hibernate 5, Tiles, and i18n.

Why Attribute-Based Access Control Will Become the Standard Model for Large Enterprises

Today, data is often characterized as the new oil of the digital age. Organizations are leveraging their data to enhance operational efficiency, improve the customer experience, increase revenue, and boost growth. In addition, virtually every organization is now collecting data, whether it is a bank or financial institution, a healthcare organization, or an industrial manufacturer.

Not only are these businesses collecting data, but they are collecting it from a wide variety of sources at an accelerated pace, resulting in an increasingly complex data environment. Collecting data also brings business complexities of its own, such as privacy protection, IP protection, and brand protection. However, data is only useful if it can be securely shared and leveraged not only across an entire organization but also across business partners and third-party suppliers.

Breaking Down the DevSecOps Approach

To keep pace with today’s on-demand world, organizations have shifted toward modern development practices like DevOps to deliver products and services to their customers immediately. DevOps merges the software development and software operations teams, bringing them under one roof so they are no longer “siloed.” With DevOps, the development and operations teams work in concert to operate and evolve applications more cost-effectively and at high speed to meet marketplace customer demands.

However, many organizations are realizing that security must play an integral role in ensuring that continuous delivery practices also embrace good security processes. What good is delivering applications at such a rapid pace if sensitive customer information is left in jeopardy?