All posts/ #security

• 

  Test the ZITADEL Management API with Postman

  This post walks you through the process of testing the ZITADEL Management API to create ZITADEL Projects, Apps, and Users with Postman.

  March 7, 2024  • 5 min
• 

  Test Token Introspection in ZITADEL with Postman

  This post walks you through the process of calling a protected API that utilizes token introspection in ZITADEL. We'll guide you step by step through the setup and demonstrate how to use Postman for effective testing.

  March 7, 2024  • 5 min
• 

  Test User Login Flows in ZITADEL with Postman

  This post explains how to integrate ZITADEL's login flow into your web application, guiding you through the setup process step by step, and also how to leverage Postman to test and ensure the login flow works flawlessly.

  March 7, 2024  • 5 min
• 

  Thank you for Making ZITADEL More Secure

  In the past few weeks, we mitigated multiple vulnerabilities reported by different security researchers that could have impacted the security of systems using ZITADEL.

  December 12, 2023  • 4 min
• 

  Migrate Users from Keycloak to ZITADEL

  With PBKDF2 support now available, transitioning your users from Keycloak to ZITADEL has become smoother than ever. Dive into this tutorial to master the migration process.

  October 10, 2023  • 15 min
• 

  Evolving IoT Security: From Traditional Logins to Device Authorization Flow

  Delve into the transformative power of the OAuth 2.0 Device Authorization Flow, enabling seamless logins across smart devices. Learn how standards-compliant Identity Providers are anchoring this wave of secure, user-friendly authentication.

  September 22, 2023  • 5 min
• 

  Why FIDO2 Passkeys are Safer than MFA and Passwords

  This article explores the reasons why FIDO2 passkeys surpass passwords and MFA in terms of security.

  September 7, 2023  • 5 min
• 

  Navigating Session Logouts, Timeouts, and Token Expiry

  Using ZITADEL's OIDC integrations as a guide, this article offers insights into mastering the essential security measures of session timeouts, logouts, and token expriy.

  August 31, 2023  • 12 min
• 

  How MFA Fatigue Attacks Compromise User Security

  This article discusses MFA Fatigue Attacks targeting MFA systems with push notifications and how we can mitigate them.

  July 11, 2023  • 5 min
• 

  ZITADEL and Fine-Grained Authorization: A Code-Focused Exploration

  This articles showcases fine-grained authorization with ZITADEL and delves into managing access control, validating tokens, and separating business logic from authorization rules.

  June 15, 2023  • 10-15 min
• 

  5 Authentication Methods at ZITADEL - Ranked from Least to Most Secure

  This article showcases ZITADEL's five implementable authentication methods ranked from worst to best regarding security and user experience (UX).

  June 1, 2023  • 5 min
• 

  How Password Hashing and Salt Can Enhance Password Security

  This article discusses the importance of password hashing and salting to secure password storage.

  May 18, 2023  • 5 min