Tag: Infosec
-
Apache web server hardening and security guide
Posted on April 21, 2024, Level intermediate Resource Length medium
The Web Server is a crucial part of web-based applications. Apache Web Server is often placed at the edge of the network; hence it becomes one of the most vulnerable services to attack. A practical guide to secure and harden Apache HTTP Server. By Chandan Kumar.
Tags apache web-development cloud software-architecture infosec
-
DevOps security: Definition, best practices
Posted on March 22, 2024, Level beginner Resource Length long
DevOps has revolutionized the way organizations develop, deploy, and maintain applications. However, upholding security in a DevOps environment is a serious concern organizations must address in order to keep software development isolated from cyber threats while maintaining agility, production speed, and cross-team collaboration. By Anastazija Spasojevic.
Tags devops infosec cloud software-architecture learning
-
Using containerisation
Posted on February 18, 2024, Level beginner Resource Length long
Guidance on how to build and use containerised applications securely. Containers are a common approach for packaging and deploying applications, standardised by the Open Container Initiative (OCI). By National Cyber Security Centre.
Tags devops web-development app-development containers infosec kubernetes
-
Secure GraphQL endpoints in Spring reactive applications
Posted on December 25, 2023, Level intermediate Resource Length medium
Spring Supports GraphQL requests over HTTP, Websockets and RSockets. Securing an Spring GraphQL application does not differ from securing a Web application. Mainly, Spring GraphQL needs to ensure context propagates from WebFlux to the data fetching layer so that we can use Security annotations or access the authenticated principal in @SchemaMapping methods. This should work for HTTP and WebSocket. By Ruchira Madhushan Rajapaksha.
Tags apis infosec java restful web-development app-development
-
Using JWTs to authenticate services unravels API gateways
Posted on December 20, 2023, Level intermediate Resource Length medium
The API gateway component in a cloud native architecture is critical because it offloads critical API security and policy functionality to a common place, allowing the backend APIs and services to focus on business logic. API authentication, authorization, audit, throttling and similar tasks can be complex and difficult to get right, so many organizations choose an API gateway to handle them. By Christian Posta and Peter Jausovec.
Tags apis infosec java web-development app-development
-
TLS vs SSL: What's the difference? Which one should you use?
Posted on December 19, 2023, Level beginner Resource Length medium
Both TLS and SSL are protocols that help you securely authenticate and transport data on the Internet. But what's the difference between TLS vs SSL? And is it something you need to worry about? By kinsta.com.
Tags miscellaneous infosec browsers web-development ssl
-
Privacy vs. security: Exploring the differences & relationship
Posted on December 18, 2023, Level beginner Resource Length medium
Learn how Adaptive Multi-Factor Authentication combats data breaches, weak passwords, and phishing attacks. By okta.com.
Tags miscellaneous infosec browsers web-development cio
-
Nginx security. Control resources and limits.
Posted on October 27, 2023, Level beginner Resource Length medium
Nginx is one of the best popular webservers today. Its popularity is due to the fact that it is very fast and easy to set up. Other side of this popularity - nginx is often being a target of malicious attacks. So, if your nginx is not limited by available resources, your server may totally "fall" when nginx spent all system resources. That's why you should control and limit resources Nginx consumed. By Vyacheslav Breus.
Tags servers web-development infosec performance
-
Raspberry Pi Zero headless quick start
Posted on October 26, 2023, Level intermediate Resource Length medium
This guide shows how to bring up a Raspberry Pi Zero, Zero W, or Zero 2 W without needing to attach a keyboard/mouse/monitor. For older Pi OS releases, basic settings can be configured by editing text files directly on the SD card using an editor on your main PC prior to first boot. For newer Pi OS releases, the rpi-imager tool can be used to both burn the OS image and configure settings. By Carter Nelson.
Tags cio software-architecture devops infosec
-
Comprehensive guide to Internet of Things data streaming from Raspberry Pi to Azure
Posted on October 25, 2023, Level intermediate Resource Length medium
What comes to mind when you hear "Raspberry Pi in the cloud"? A freshly baked pie floating away, forever out of reach? this blog post aims to paint a simpler picture, showing how easy it is to build your own IoT in the Cloud setup. As mentioned in the preface, this post is part of our ongoing IoT series, where we'll elevate our Raspberry Pi devices by streaming data into the Microsoft Azure Cloud. By Stepan GaponiukDr and Heiko Kromer.
Tags cloud azure iot infosec robotics
-
Security on the web
Posted on October 23, 2023, Level beginner Resource Length long
Websites contain several different types of information. Some of it is non-sensitive, for example the copy shown on the public pages. Some of it is sensitive, for example customer usernames, passwords, and banking information, or internal algorithms and private product information. By @mozilla.
Tags servers web-development infosec app-development browsers
-
A beginner's guide to behavior-driven development (BDD)
Posted on October 20, 2023, Level beginner Resource Length medium
BDD is the next step in the evolution of Test-Driven Development (TDD). It shifts the focus from thinking in tests to thinking in behavior. Imagine transitioning from assembling puzzle pieces to crafting a compelling story. BDD integrates various aspects of software development into a coherent narrative, fostering better communication and collaboration. By Rustam Sabirov.
Tags tdd software learning infosec