Authentication Series Part 1: What makes a good “logon”
Having assessed many client-server, web and mobile “logon” infrastructures during penetration tests, I am left pondering several industry enigmas. Why are there so few good toolkits and libraries for performing secure logon activities? Why does nearly every application team develop its logon as a one-off? Why do so few organizations “sponsor” the development of a common “logon” for […]