The personal website of Phil Massyn¶

September 2, 2024
in identity, list
3 min read

Single Sign On

Single Sign-On (SSO) is an authentication process that allows users to access multiple applications or services with one set of login credentials—typically a username and password. Instead of having to log in separately to each application, users authenticate once through a central identity provider, which then grants access to connected systems. This approach simplifies the user experience by reducing password fatigue and improving productivity, as users no longer need to manage multiple accounts or remember numerous passwords. SSO also enhances security by centralizing authentication and allowing for more robust controls, such as multi-factor authentication and centralized monitoring, thereby reducing the attack surface for potential breaches.

June 14, 2024
in security
6 min read

Security Breach Transparency

Another security breach has made the news. This time the folks at Ticketek are having a hard time explaining why ...customers' names, emails and dates of birth may have been accessed in cyber security breach.

June 8, 2024
in gcp
3 min read

Introduction to Google Cloud

I will always have a soft spot for AWS as my preferred cloud provider. A few weeks ago I was asked to develop a solution on Google Cloud, and while at first I had my reservations, it didn't take long for me to start liking it.

May 23, 2024
in security
4 min read

Automated Security Reporting

Having some form of automated security reporting platform will help organisations to have real-time visibility of the security posture across their environment. By tailoring the dashboards to different audiences (or personas), CISOs and CIOs can leverage data for decision-making, giving visibility to all levels within the organisation.

February 24, 2024
in massyn.net
2 min read

MKDocs and Material update

Back in 2021, I talked about how I moved my website away from Wordpress and onto a static-generated site using mkdocs. A few things have changed since then.

February 16, 2024
in security
6 min read

Vulnerability Management

Vulnerability management is a continuous, proactive, and often automated process that keeps your computer systems, networks, and enterprise applications safe from cyber-attacks and data breaches by ensuring any weaknesses in the underlying software are updated.

November 25, 2023
in security
4 min read

Why HTTP is bad

We've become accustomed to seeing HTTPS on our websites, yet there are still some that simply refuse to use HTTPS. Our favourite Bureau of Meteorology is exactly one such case.

November 22, 2023
in howto
2 min read

Multi Router Traffic Grapher

MRTG - an age-old graphing tool used by network administrators all over the world. But it's not just for networking systems. I've used it to monitor various things. In this how-to, I'll walk you through how you can create a simple MRTG system to track pretty much anything.

November 18, 2023
in security, list
3 min read

Strange password policies

We all have passwords, and the volume of passwords we need to manage is not slowing down. Most of the sites we interact with have some sort of a password policy that forces you to go through a process of trying to create them. I have written about this before.

July 28, 2023
in security
6 min read

Threat Modeling

Threat modeling is a process used by developers and engineers to understand the threats that exist that may exploit a weakness or vulnerability in a software application or platform.