Security
Authentication
Policy Papers
- Alternate cybersecurity futures - Atlantic Council - Examines three scenarios that highlight the risks and challenges posed by increased connectivity, the proliferation of threat actors, and the destabilizing effects of emerging technologies
Security in Practice
- Which Security Hill Will You Die On? | The Gray Area
- The immutable laws of security | Microsoft Learn
Health Care
- Healthcare and Public Health Cybersecurity | CISA - CISA and HHS are providing this toolkit filled with remedies to give sector stakeholders a greater ability to proactively assess vulnerabilities and implement solutions.
Resources
- The Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses is calculated by analyzing public vulnerability data in the National Vulnerability Database (NVD) for root cause mappings to CWE weaknesses for the previous two calendar years.
- CISA’s Known Exploited Vulnerabilities Catalog (KEV)
- Secure by Design | CISA
OWASP
Secret Zero
JWT
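import requests, jwt
# Fetch the issuer's JWKS; `token` below is the encoded JWT string to verify
jwks_data = requests.get("https://hostname.com/openid/connect/jwks.json", timeout=10).json()
# Uses the first key in the set; match the token header's "kid" if the set holds several keys
public_key = jwt.algorithms.RSAAlgorithm.from_jwk(jwks_data["keys"][0])
# Pin the accepted algorithm so the token header cannot choose it
decoded_token = jwt.decode(token, public_key, algorithms=["RS256"])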
openssl for creating shared keys
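# Rewrite the RSA private key in PEM form
openssl rsa -in jwtRSA256-private.pem -outform PEM -out jwtRSA256-priv.pem
# Derive the public key from the private key
openssl rsa -in jwtRSA256-private.pem -pubout -outform PEM -out jwtRSA256-public.pem
# Print a certificate's fields without the encoded body
openssl x509 -text -noout -in SLS_PUBLIC_KEY_A
# x509 takes -pubkey (not -pubout); without -noout the text dump and certificate are also written to prod.key
openssl x509 -text -in prod.cer -pubkey -out prod.key
# Write only the public key from the certificate
openssl x509 -pubkey -noout -in prod.cer > prod.key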