authentication
Safeguard articles tagged "authentication" — guides, analysis, and best practices for software supply chain and application security.
51 articles
What Is Mutual TLS (mTLS)? Two-Way Authentication Explained
Mutual TLS makes both sides of a connection prove their identity with certificates, not just the server. It is the backbone of zero-trust communication between services.
What Is a JWT (JSON Web Token)
A JWT is a compact, signed token that carries claims like who a user is between parties. Learn its three parts, how signing works, and the common security pitfalls.
What Is SAML
SAML lets an identity provider vouch for you to other applications using signed XML assertions. Learn how it powers enterprise single sign-on and how it works.
What Is OpenID Connect (OIDC)
OpenID Connect adds a real identity layer on top of OAuth 2.0. Learn how it proves who a user is, what an ID token contains, and how it differs from plain OAuth.
What Is Authentication
Authentication is how a system proves you are who you claim to be. Here is what it means, how it works, the factors involved, and why it is the foundation of every access decision.
Roku Credential Stuffing Attacks Compromise 576,000 Accounts
In April 2024, Roku disclosed that two separate credential stuffing campaigns had compromised approximately 576,000 customer accounts, with attackers making fraudulent purchases and changing account details on some affected accounts.
API Gateway Security Patterns That Actually Work
API gateways sit between the internet and your services. Getting the security patterns right here multiplies your defense across every API behind them.
OAuth Token Security Throughout the Lifecycle
OAuth tokens grant access to APIs, services, and user data. Their security across creation, storage, use, and revocation determines your application risk posture.
API Security Through the Supply Chain Lens
APIs are both an attack surface and a supply chain dependency. This guide examines API security risks from authentication to third-party integrations.
Authentication Bypass: Common Patterns Attackers Exploit
Authentication bypass vulnerabilities let attackers access protected resources without valid credentials. This guide covers the most common bypass patterns found in modern web applications and how to prevent each one.
Jira Service Management CVE-2023-22501: Broken Authentication Exposes Enterprise Workflows
A critical authentication vulnerability in Jira Service Management allowed attackers to impersonate users and gain access to sensitive service desk instances. The flaw bypassed email verification controls.
Session Management Security: A Complete Guide
Session management vulnerabilities enable account takeover, privilege escalation, and data theft. This guide covers session ID generation, storage, lifecycle, and the attacks that exploit weak session handling.