Tag: Infosec
-
JWT authentication in microservices
Posted on January 11, 2022, Level intermediate Resource Length medium
As with any web service, microservices need to be protected from unauthorized access. So how do you protect each of your services? How does one share the token that is received from the Auth service? By Anu Viswan.
Tags apis infosec restful devops
-
Choosing a cyber incident management platform
Posted on December 18, 2021, Level beginner Resource Length long
Efficiently dealing with an incident or crisis weighs heavily on three main factors: preparation, process and the tools you have to hand. The latter can greatly influence your incident management process, and a cyber incident management platform should make the implementation of your incident response quick and easy rather than hinder it. By Cheryl.
Tags infosec management miscellaneous cio
-
Zero days explained: How unknown vulnerabilities become gateways for attackers
Posted on December 17, 2021, Level beginner Resource Length medium
A zero day is a security flaw for which the vendor of the flawed system has yet to make a patch available to affected users. You can't patch these holes—but you can still protect yourself. By Josh Fruhlinger.
Tags infosec app-development web-development devops learning
-
Managing Active Directory Objects with Azure AD provider for Terraform
Posted on December 15, 2021, Level intermediate Resource Length medium
Learn how to manage Active Directory Objects with Azure AD Provider for Terraform and see examples of how to authenticate and grant the correct permissions. By Adam Connelly.
Tags cloud infosec microservices
-
Zero trust workload security with GKE, Traffic Director, and CA Service
Posted on November 18, 2021, Level intermediate Resource Length medium
At the core of a zero trust approach to security is the idea that trust needs to be established via multiple mechanisms and continuously verified. Internally, Google has applied this thinking to the end-to-end process of running production systems and protecting workloads on cloud-native infrastructure, an approach we call BeyondProd. By Anoosh Saboori, Product Manager, Zero Trust, and Sanjay Pujare, Tech Lead, Proxyless gRPC Security.
Tags cloud containers gcp software-architecture infosec
-
User authentication with React and AWS Cognito
Posted on November 5, 2021, Level beginner Resource Length long
An article explaining how to integrate AWS Cognito with React for user authentication. Cognito collects a user's attributes and enables simple, secure user authentication, authorization and user management for web and mobile apps. By Carlos Zuniga.
Tags infosec web-development open-source cloud react javascript
-
Unikraft and the coming of age of Unikernels
Posted on November 2, 2021, Level intermediate Resource Length long
Thanks to their excellent performance, unikernels have always had a great deal of potential for revolutionizing the efficiency of virtualization and cloud deployments. However, after many years and several projects, unikernels, for the most part, have not seen significant, real-world deployment. By Hugo Lefeuvre, Gaulthier Gain, Daniel Dinca, Alexander Jung, Simon Kuenzer, Vlad Bădoiu, Răzvan Deaconescu, Laurent Mathy, Costin Raiciu, Pierre Olivier, Felipe Huici.
Tags linux how-to performance programming infosec
-
Build and secure FastAPI server with Auth0
Posted on October 26, 2021, Level intermediate Resource Length medium
Learn the basics of FastAPI, how to quickly set up a server and secure endpoints with Auth0. By Mark Halpin.
Tags apis app-development infosec javascript python
-
Cybersecurity meets automotive business
Posted on October 24, 2021, Level beginner Resource Length medium
The automotive industry is well known for its security standards regarding the road safety of vehicles. All processes regarding vehicle development – from drawing board to sales – were standardized and refined over the years. Both internal tests, as well as globally renowned companies like NHTSA or EuroNCAP, are working hard on making the vehicle safe in all road conditions – for both passengers and other participants of road traffic. By Adam Kozłowski and by Marcin Wiśniewski.
Tags miscellaneous infosec robotics
-
Influencing ingress BGP routing using communities and local preference
Posted on October 19, 2021, Level advanced Resource Length long
Border Gateway Protocol (BGP) is an enormous protocol with a nearly endless list of features, knobs and capabilities. BGP's mechanism for choosing the best path is complex but also well known. You should brush up on that algorithm if you're out of practice. By Nicholas Russo.
Tags infosec servers linux devops cio
-
SSH tunneling explained
Posted on October 18, 2021, Level beginner Resource Length medium
In this post, the author covers the different tunneling features supported by OpenSSH, which help achieve security use cases such as remote web service access without exposing a port on the internet, accessing a server behind NAT, and exposing a local port to the internet. OpenSSH is the most widely used open-source SSH server. It comes pre-installed by default with the vast majority of Linux distributions. By Sakshyam Shah.
Tags infosec servers open-source linux app-development
-
The state of security operations: How SOCs changed in 2021
Posted on October 17, 2021, Level beginner Resource Length medium
Security operations has seen non-stop evolution and growth for many years, but the past 18 months have been particularly impactful on security operations teams. In addition to the drastic transformation brought on by the COVID-19 pandemic, there have also been some significant breaches that have shifted perspectives and highlighted some key areas of concern. By pwheiler.
Tags cio learning infosec miscellaneous