Leveraging Cloud for Data Protection Compliance

Over the last couple of years, countries have adopted data protection regulations, recognizing the need to protect citizen data against unauthorized or unlawful processing, loss, theft, destruction, or damage. Such regulations include the General Data Protection Regulation (GDPR), the Kenya Data Protection Act (KDPA) and the Uganda Data Protection and Privacy Act (UDPPA). Organizations of all sizes are required to comply with these regulations as long as they collect and/or process customer data in their business operations. Many Small…

Securing Android Application User Sessions

Android application developers grapple with implementing user sessions that provide a seamless user experience without compromising application security. The Android framework provides the option to use SharedPreferences, which is an easy and efficient way to store a small amount of key-value data, especially for persisting user sessions. SharedPreferences, however, stores data as plain text and is therefore not ideal for storing sensitive data such as access keys and passwords, as well as Personally Identifiable Information (PII). OWASP Mobile Top 10 highlights Insecure…

Spring Boot Authentication and Authorization

Spring Boot is an open-source Java-based framework that is widely used to create enterprise-level microservices. Implementing secure authentication and authorization in such microservices brings up a new set of challenges for developers. Spring Security comes in handy by providing a powerful, secure and customizable authentication and authorization framework. Spring Security makes use of a Role Based Access Control (RBAC) model to help mitigate some of the inherent authentication and authorization security threats such as violation of least privilege…
