Ruween Iddagoda

Feb 21

Synchronizer Token Pattern for Cross-Site Request Forgery Prevention

In the contemporary context, where most communication and transactions take place over the web, the data being transferred is susceptible to many forms of attack. A prominent one among them is the Cross-Site Request Forgery attack. …

5 min read


Feb 21

Double Submit Cookie for Cross-Site Request Forgery Prevention

One of the extensively used alternatives to the Synchronizer Token Pattern for protection against Cross-Site Request Forgery is the Double Submit Cookie. Double submitting cookies, as the name suggests, means sending an arbitrary, uniquely generated value both as a cookie and as POST data, where the server compares the two to…

3 min read


Feb 21

OWASP API Top 10

What is API security? An Application Programming Interface (API) can be defined as the middleman to a program’s backbone. Modern software is designed as stacks, more like sandwiches, and APIs rest in the middle, acting as a communication relay between the program and the hardware drivers. Alternatively, from a web developer’s point…

Owasp

9 min read


Feb 21

Practical Approach to Implementing ISO 27001 — summary

What is ISO 27001? It is one of the standards introduced by the International Organization for Standardization (ISO) to assist in managing the security of assets such as intellectual property, financial information, employee details or information entrusted to you by third parties. Basically, it provides the requirements for an Information Security Management System (ISMS). …

Iso 27001 Implementation

5 min read


Feb 21

How to setup Multi-factor Authentication with OpenVPN Community Edition

Overview of the Process: The user executes google-authenticator to generate the QR code and verification code (secrets). The user connects an MFA-enabled device by scanning the QR code presented. The verification code must be installed (stored) onto the VPN server itself. During the authentication, OpenVPN will call the PAM module to perform verification on the user…

MFA

2 min read
