The old days of plugging in a misconfigured firewall and relying on a couple of specialists to save the day are long gone. Now you need a team that proactively assesses security risk and can work with the whole organisation to address these issues. Cyber Security @ ASOS is a…

Cyber Security Operations (SecOps) is going through an exciting period of transformation here at ASOS. SecOps is responsible for the complete monitoring, protection, and investigation of ASOS’s digital and technology solutions against the rapidly evolving ever changing global security threat. We’re expanding our Cyber Security capability to ensure the continued…

We see many headlines about the evolving cyber security threat that affects all types of companies. At ASOS we have a Cyber Security team that works across the whole of ASOS to help protect our customers, our employees and our brand. …

Threat modelling is a very hot topic within security. With many companies struggling to roll out this methodology, we needed a solution that would allow us to do this at scale — Threat modelling allows us to look at any given application and the infrastructure it lives in, as well as document and prioritise the security flaws. For more detail check out the following OWASP entry: https://www.owasp.org/index.php/Application_Threat_Modeling.

A common strategy for API authentication and authorisation is to use JWT bearer tokens on the headers of requests. The APIs being designed will often have logic that depends on the claims in the payload of the JWT for making authorisation decisions. …