SaaS

General

Link Notes
How to Secure the SaaS Apps of the Future Several innovative new features that every enterprise SaaS application needs to embrace to protect users in the era of post-authentication attacks
Building to Prevent Subdomain Takeovers Four controls platforms can use when building a custom-domain feature to make it resilient to subdomain takeover down the road
How to improve cross-account access for SaaS applications accessing customer accounts Three ways to improve your cross-account access implementation for your products: using IAM roles and an external ID, using least-privilege IAM policies and role chaining, and using role tags and session tags for attribute-based access control
Single Sign-On Or Single Point of Failure? Various IdP compromise scenarios and their impacts, as well as how to harden and detect these attacks in Teleport installations

Zero Trust

Link Notes
The road to zero trust is paved with good intentions Where is your organization really in its zero trust journey, and how much further do you have to go? Implementing a true zero trust architecture is more aspirational than achievable
A Roadmap to Zero Trust Architecture This roadmap was built by security experts to provide a vendor-agnostic Zero Trust architecture and an example implementation timeline
Securing Your Contingent Workers With Zero Trust A market analysis of some of the potential paved paths in this space, some of the tradeoffs you'll need to make, and some of the more common vendors for each area:
  • Supplied Devices: Give them devices you manage
  • Managed Devices: They supply the hardware; you manage the software
  • Isolated Browsers: Browser-based access for SaaS-only workers
  • Cloud Jumpboxes: A cloud machine which is required to access corporate systems
  • Managed VMs: A managed VM on an untrusted host which is required to access corporate systems
  • Posture-Based Exclusions: Only give access to your confidential data stores, not restricted data
  • Exception Rules: Put in exclusions for them to bypass your zero trust controls

SSO

General

Link Notes
ssoready Open-source dev tools for enterprise SSO
opkssh

Okta

Link Notes
10 Features to Enhance Your Okta Security Posture Post breaking down 10 key security configurations and features to ensure robust authentication and identity management within your Okta instance to help prevent future attacks
Starter guide to understanding Okta This article explains Okta's architecture and services, laying a solid foundation for threat research and detection engineering
Attack Techniques in Okta An overview of Okta's fundamental components and a dive into each part of its environment
How to Create a Secure CI/CD Pipeline Using Okta Terraform This article demonstrates how to create a secure CI/CD pipeline using Terraform, AWS, and GitHub Actions to manage Okta resources. It covers authentication, state management, secrets handling, and automated deployment workflows

Auth0

Link Notes
auth0-checkmate

Slack

Link Notes
Slack Audit Logs and Anomalies What are Slack Audit Logs?
slack-watchman

Extensions

Link Notes
crx-analyzer Local CLI tool for browser extension risk analysis