Tag: Infosec
-
Maximizing your security posture with Azure ATP
Posted on August 3, 2019, Level intermediate Resource Length medium
An interesting article by Chris Hallum of Microsoft. Microsoft's customers spend a lot of time and money on security solutions, yet very few of them take full advantage of the solutions they've deployed. Even fewer deploy or maintain these solutions correctly. Given this, it's not surprising to see stats like "93% of all breaches could have been avoided if basic cyber hygiene had been in place" (Online Trust Alliance).
Tags cloud infosec devops azure software-architecture
-
How Windows Defender Antivirus integrates hardware-based system integrity for informed, extensive endpoint protection
Posted on July 31, 2019, Level intermediate Resource Length short
An interesting article by the Microsoft Defender ATP Research Team about the inner workings of Windows Defender. Detecting and stopping attacks that tamper with kernel-mode agents at the hypervisor level is a critical component of the unified endpoint protection platform in Microsoft Defender Advanced Threat Protection.
Tags cloud infosec azure machine-learning software
-
Managing a secure JSON Web Token Implementation
Posted on July 22, 2019, Level beginner Resource Length medium
Daniel Fanara wrote this article about more advanced topics in managing secure JSON Web Tokens (JWT). JWTs are great for representing a user's authentication / authorization state without needing to maintain a server-side session store.
Tags infosec devops json web-development
-
Getting security to scale: learnings from modern app sec teams
Posted on July 15, 2019, Level beginner Resource Length long
An article by Jean-Baptiste Aviat about security challenges when operating at scale. The author sat down with some of the best app sec teams operating today, and he figured there was a lot we could learn from them. The goal was to understand the challenges these teams face and the way they work.
Tags infosec cloud devops
-
How a quantum computer could break 2048-bit RSA encryption in 8 hours
Posted on July 13, 2019, Level beginner Resource Length short
A new study shows that quantum technology will catch up with today's encryption standards much sooner than expected. That should worry anybody who needs to store data securely for 25 years or so. The article is on the MIT Technology Review (technologyreview.com) site.
Tags infosec data-science machine-learning
-
Kali Linux in the DigitalOcean Cloud
Posted on July 3, 2019, Level beginner Resource Length short
A tutorial by Thomas d'Otreppe about installing a custom image of Kali Linux on DigitalOcean. DigitalOcean is a cloud provider similar to AWS, Microsoft Azure, Google Cloud Platform, and many others. They offer instances, called "droplets", with different Linux distributions such as Debian, Ubuntu, FreeBSD, etc. Similar to AWS, DigitalOcean has datacenters around the world and sometimes multiple datacenters in each country.
Tags cloud infosec servers
-
Exploring container security: Encrypting Kubernetes secrets with Cloud KMS
Posted on June 20, 2019, Level intermediate Resource Length short
At Google Cloud, they care deeply about protecting your data. That's why Google encrypts data at rest by default, including data in Google Kubernetes Engine (GKE). A guide focusing on container security, directly from Google.
Tags cloud servers google infosec
-
Getting started with OpenSSL: Cryptography basics
Posted on June 19, 2019, Level beginner Resource Length medium
A good primer on cryptography, aimed at anybody who needs the basics, especially regarding OpenSSL. By Marty Kalin.
Tags infosec cloud servers
-
Understanding and resolving SELinux denials on Android
Posted on June 10, 2019, Level intermediate Resource Length short
An article by Harsh Shandilya on the hot topic of security for Android software. SELinux is an acronym for Security-Enhanced Linux. It is a security feature built into the Linux kernel that enforces access control for programs via a predefined security policy put in place by the system administrators.
Tags android app-development infosec
-
CORS tutorial: guide to cross-origin resource sharing
Posted on May 13, 2019, Level intermediate Resource Length medium
In this article you will learn all about Cross-Origin Resource Sharing, the circumstances under which it is needed, the benefits it provides, and how to configure a Node + Express application to support CORS. Written by Steve Hobbs.
Tags nodejs javascript programming infosec
-
Seven tips on Firebase security rules and the Admin SDK
Posted on March 14, 2019, Level beginner Resource Length long
Posted by Hiranya Jayathilaka and Rachel Myers, this article focuses on Firebase security rules, a powerful mechanism that helps enforce the security and logical correctness of your apps. The backend services use security rules to authorize and validate the requests made by client apps, and make sure they adhere to the policies that app developers have put in place.
Tags nosql infosec cloud app-development
-
Authentication at Edge with StackPath
Posted on January 22, 2019, Level beginner Resource Length long
Jason Byrne's thoughts on using the cloud Edge for some common tasks. As we spread our applications out into serverless microservices, what better place for our entitlement checks than on the CDN?
Tags web-development serverless apis infosec javascript