Security News

Access control in cloud-native applications in multi-location environments (NIST SP 800-207)
2023-09-14 08:45

Enterprise application environments consist of geographically distributed and loosely coupled microservices that span multiple cloud and on-premises environments. Users from different locations access them through different devices.

Introducing Permit.io: Simplifying access control and policy management for developers
2023-05-18 04:00

In this Help Net Security video interview, Or Weis, Co-Founder and CEO of Permit.io, discusses an innovative approach to managing permissions and access control within applications. We will explore policy as code and how it addresses organizations' challenges in managing access control effectively.

5 steps to building NSA-level access control for your app
2023-04-13 04:00

Access control has become a main concern when it comes to developing secure web applications, and the NSA has a lot to say about it. In this article, we will focus and elaborate on the best practices offered by the NSA for building secure access management, and how they can be implemented at the application level.

Purpose-based access control: Putting data access requests into context
2022-10-10 05:00

Role-based access control is a simple, understandable approach to making data access permit/deny decisions. Their contract negotiation teams often needed access to prepare quotes for new business, and accounts receivable needed access for accurate billing based on performance-related contract terms.

A Taxonomy of Access Control
2022-08-12 11:38

My personal definition of a brilliant idea is one that is immediately obvious once it’s explained, but no one has thought of it before. I can’t believe that no one has described this taxonomy of...

Researchers Disclose Critical Flaws in Industrial Access Control System from Carrier
2022-06-14 01:31

As many as eight zero-day vulnerabilities have been disclosed in Carrier's LenelS2 HID Mercury access control system that's used widely in healthcare, education, transportation, and government facilities. "The vulnerabilities uncovered allowed us to demonstrate the ability to remotely unlock and lock doors, subvert alarms and undermine logging and notification systems," Trellix security researchers Steve Povolny and Sam Quinn said in a report shared with The Hacker News.

Hey – how did you get in here? Number one app security weakness of 2021 was borked access control, says OWASP
2021-09-10 18:35

The Open Web App Security Project has released its Top Ten list of vulnerabilities in web software, as part of the general movement to make software less painfully insecure at the design stage. This year's current number one web app security flaw is Broken Access Control, with OWASP glumly noting: "The 34 CWEs* mapped to Broken Access Control had more occurrences in applications than any other category."

Immuta provides automated data access control in Snowflake’s Partner Connect portal
2021-07-08 23:30

Immuta announced it is now available to provide automated data access control in Snowflake's Partner Connect portal. While Snowflake Partner Connect originally focused primarily on ETL tools, the partner portal is now expanding to include tools in the data governance and access control ecosystem.

Immuta’s SaaS deployment option helps implement data access control across cloud data environment
2021-07-02 02:00

Immuta launched a new SaaS deployment option, enabling data teams to implement data access control across their entire cloud data environment in minutes. Modern data teams are moving to pure SaaS deployments for all of their analytics and data science, and they want access control delivered in the same way.

HID Global expands physical access control credential portfolio with MIFARE DESFire EV3
2021-07-01 01:45

Continuing its commitment to providing these options, HID Global announced the implementation of the latest MIFARE DESFire EV3 credential. "Our credential based on NXP MIFARE DESFire EV3 delivers this technology's full range of advanced security and privacy capabilities and reinforces them with HID's powerful model for identity data protection," said Harm Radstaak, Senior Vice President and Head of Physical Access Control Solutions with HID Global.