Safeguard
Tag

authentication

Safeguard articles tagged "authentication" — guides, analysis, and best practices for software supply chain and application security.

51 articles

Concepts

What Is Mutual TLS (mTLS)? Two-Way Authentication Explained

Mutual TLS makes both sides of a connection prove their identity with certificates, not just the server. It is the backbone of zero-trust communication between services.

Feb 11, 20255 min read
Concepts

What Is a JWT (JSON Web Token)

A JWT is a compact, signed token that carries claims like who a user is between parties. Learn its three parts, how signing works, and the common security pitfalls.

Oct 15, 20246 min read
Concepts

What Is SAML

SAML lets an identity provider vouch for you to other applications using signed XML assertions. Learn how it powers enterprise single sign-on and how it works.

Sep 24, 20246 min read
Concepts

What Is OpenID Connect (OIDC)

OpenID Connect adds a real identity layer on top of OAuth 2.0. Learn how it proves who a user is, what an ID token contains, and how it differs from plain OAuth.

Sep 10, 20246 min read
Concepts

What Is Authentication

Authentication is how a system proves you are who you claim to be. Here is what it means, how it works, the factors involved, and why it is the foundation of every access decision.

Jul 9, 20246 min read
Incident Analysis

Roku Credential Stuffing Attacks Compromise 576,000 Accounts

In April 2024, Roku disclosed that two separate credential stuffing campaigns had compromised approximately 576,000 customer accounts, with attackers making fraudulent purchases and changing account details on some affected accounts.

Apr 12, 20247 min read
Application Security

API Gateway Security Patterns That Actually Work

API gateways sit between the internet and your services. Getting the security patterns right here multiplies your defense across every API behind them.

Dec 12, 20236 min read
Application Security

OAuth Token Security Throughout the Lifecycle

OAuth tokens grant access to APIs, services, and user data. Their security across creation, storage, use, and revocation determines your application risk posture.

Nov 8, 20234 min read
Application Security

API Security Through the Supply Chain Lens

APIs are both an attack surface and a supply chain dependency. This guide examines API security risks from authentication to third-party integrations.

Sep 12, 20237 min read
Web Security

Authentication Bypass: Common Patterns Attackers Exploit

Authentication bypass vulnerabilities let attackers access protected resources without valid credentials. This guide covers the most common bypass patterns found in modern web applications and how to prevent each one.

Jun 5, 20238 min read
Vulnerability Analysis

Jira Service Management CVE-2023-22501: Broken Authentication Exposes Enterprise Workflows

A critical authentication vulnerability in Jira Service Management allowed attackers to impersonate users and gain access to sensitive service desk instances. The flaw bypassed email verification controls.

Feb 15, 20236 min read
Web Security

Session Management Security: A Complete Guide

Session management vulnerabilities enable account takeover, privilege escalation, and data theft. This guide covers session ID generation, storage, lifecycle, and the attacks that exploit weak session handling.

Feb 5, 20235 min read
authentication (Page 4) — Safeguard Blog