Author

Mike Grady (ISG)

Dangerous SAML SSO vulnerability?

Several sources have recently reported the discovery of a ‘flaw’ in certain SAML implementations that could allow a ‘bad actor’ to alter the identity carried in a Single Sign-On SAML assertion and legitimately log in as a different user as reported by TechTarget. Wow – that’s bad!  That was my initial reaction, and I envisioned […]

Triangulating and closing security compromises

              But the CEO told me to wire $60K to the Caymans! We’ve seen a recent rash of e-mail exploits that blend “social engineering” with e-mail technology. These exploits use e-mail to impersonate respected leaders and authorities of an enterprise giving direction to subordinates or delivering malware payloads and […]

SSO with Azure – some considerations

Microsoft Windows Azure Active Directory can be used as your Identity Provider (IdP) in the cloud just as you would Active Directory Federation Services (ADFS) on premises.   There is a growing set of features and services available for Authentication and Federation services in Azure.  The easiest and most direct method is to add Applications to […]

Agility in Test and Dev

Test and Dev environments can be a challenge both logistically and financially.  Building and maintaining an on-premises set of servers and storage for the necessary functions can consume a lot of equipment, footprint, and associated environmental and support resources.  Also, these functions are typically only used periodically and for a limited duration, so dedicating resources […]

Contact Us Close