Scott Brady (@scottbrady91) 's Twitter Profile
Scott Brady

@scottbrady91

I help developers learn OAuth and web security (he/him) hachyderm.io/@scottbrady

ID: 34642152

https://www.scottbrady.io | 23-04-2009 15:33:47

1,1K Tweet

1,1K Followers

142 Following

UWEcyber (@uwecyber) 's Twitter Profile Photo

Delighted to welcome our #MSc #Cyber #Security #students to campus today - module intros, practical work and a fantastic UWEcyber guest talk from Scott Brady of #RockSolidKnowledge on password security!

Jim Manico from Manicode Security (@manicode) 's Twitter Profile Photo

I’m having difficulty making a call for a cheatsheet regarding guidance to HMAC a password before sending it over TLS. Please chime in here if interested and have expertise in this area github.com/OWASP/CheatShe….

Scott Brady (@scottbrady91) 's Twitter Profile Photo

Understanding identity tokens: a deep dive into OpenID Connect's ID token. This is a reference piece, touching on who should use identity tokens, token format, validation, and when not to stuff them full of PII scottbrady91.com/openid-connect…

Frederik Raabye (@fraabye) 's Twitter Profile Photo

People still ask me questions about SSO for #Umbraco after my Umbraco Codegarden 2017 talk. My code hasn't been updated for ages and you should have a look at Scott Brady's articles on how to do it in Umbraco 9: scottbrady91.com/umbraco/backof… (back office) / scottbrady91.com/umbraco/fronte… (members)

Scott Brady (@scottbrady91) 's Twitter Profile Photo

Step-up authentication with OAuth and OpenID Connect: how to trigger step-up authentication using open standards scottbrady91.com/oauth/step-up-…

OpenID (@openid) 's Twitter Profile Photo

The OpenID Foundation is excited to announce the 2022 Kim Cameron Scholarship. Learn more about the opportunity to receive a scholarship to European Identity & Cloud Conference or Identiverse including the submission process and deadlines here: openid.net/2022/04/08/ann… #oidf

Pamela Dingle (@pamelarosiedee) 's Twitter Profile Photo

linktr.ee/oauth2 - a one-stop list of RFC numbers, nicknames and links to OAuth 2.0 specifications. Quick to scroll and an easy to remember resource for beginners! Good for presentations and for pretending your memory is perfect when making comments at OAuth Security Workshop #osw7

Kelly Shortridge (@swagitda_) 's Twitter Profile Photo

CamperBob2 on HN is the hero we deserve. Don’t mistake Rule of Cool for likelihood. (also, love to see the “Security Theater” barb enter common parlance... we used it in the Security Chaos Engineering book to label traditional infosec and it ruffled feathers (the truth hurts))

Steve Syfuhs (@stevesyfuhs) 's Twitter Profile Photo

Periodic reminder that if your attack requires that you first somehow acquire the secret key to something, you have not in fact created a new attack.

Scott Brady (@scottbrady91) 's Twitter Profile Photo

Understanding JSON Web Encryption (JWE) - learn about the JWE format, why you need both JWE & JWS, and what encryption algorithms you'll be able to use. scottbrady91.com/jose/json-web-…

Felix Krause (@krausefx) 's Twitter Profile Photo

🔥 New Post: Announcing InAppBrowser - see what JavaScript commands get injected through an in-app browser 👀 TikTok, when opening any website in their app, injects tracking code that can monitor all keystrokes, including passwords, and all taps. krausefx.com/blog/announcin…