Tag: Infosec

Implement security breach prevention and recovery infrastructure

Posted on April 30, 2024, Level intermediate Resource Length medium

As part of Zero Trust adoption guidance, this article is part of the Prevent or reduce business damage from a breach business scenario and describes how to protect your organization from cyberattacks. This article focuses on how to deploy additional security measures to prevent a breach and limit its spread and to create and test a business continuity and disaster recovery (BCDR) infrastructure to more quickly recover from a destructive breach. By BrendaCarter, joe-davies-affirm and MicrosoftGuyJFlo.

Tags devops azure ssl app-development infosec teams servers
Apache web server hardening and security guide

Posted on April 21, 2024, Level intermediate Resource Length medium

The Web Server is a crucial part of web-based applications. Apache Web Server is often placed at the edge of the network; hence it becomes one of the most vulnerable services to attack. A practical guide to secure and harden Apache HTTP Server. By Chandan Kumar.

Tags apache web-development cloud software-architecture infosec
DevOps security: Definition, best practices

Posted on March 22, 2024, Level beginner Resource Length long

DevOps has revolutionized the way organizations develop, deploy, and maintain applications. However, upholding security in a DevOps environment is a serious concern organizations must address in order to keep software development isolated from cyber threats while maintaining agility, production speed, and cross-team collaboration. By Anastazija Spasojevic.

Tags devops infosec cloud software-architecture learning
Using containerisation

Posted on February 18, 2024, Level beginner Resource Length long

Guidance on how to build and use containerised applications securely. Containers are a common approach for packaging and deploying applications, standardised by the Open Container Initiative (OCI). By National Cyber Security Centre.

Tags devops web-development app-development containers infosec kubernetes
Secure GraphQL endpoints in Spring reactive applications

Posted on December 25, 2023, Level intermediate Resource Length medium

Spring Supports GraphQL requests over HTTP, Websockets and RSockets. Securing an Spring GraphQL application does not differ from securing a Web application. Mainly, Spring GraphQL needs to ensure context propagates from WebFlux to the data fetching layer so that we can use Security annotations or access the authenticated principal in @SchemaMapping methods. This should work for HTTP and WebSocket. By Ruchira Madhushan Rajapaksha.

Tags apis infosec java restful web-development app-development
Using JWTs to authenticate services unravels API gateways

Posted on December 20, 2023, Level intermediate Resource Length medium

The API gateway component in a cloud native architecture is critical because it offloads critical API security and policy functionality to a common place, allowing the backend APIs and services to focus on business logic. API authentication, authorization, audit, throttling and similar tasks can be complex and difficult to get right, so many organizations choose an API gateway to handle them. By Christian Posta and Peter Jausovec.

Tags apis infosec java web-development app-development
TLS vs SSL: What's the difference? Which one should you use?

Posted on December 19, 2023, Level beginner Resource Length medium

Both TLS and SSL are protocols that help you securely authenticate and transport data on the Internet. But what's the difference between TLS vs SSL? And is it something you need to worry about? By kinsta.com.

Tags miscellaneous infosec browsers web-development ssl
Privacy vs. security: Exploring the differences & relationship

Posted on December 18, 2023, Level beginner Resource Length medium

Learn how Adaptive Multi-Factor Authentication combats data breaches, weak passwords, and phishing attacks. By okta.com.

Tags miscellaneous infosec browsers web-development cio
Nginx security. Control resources and limits.

Posted on October 27, 2023, Level beginner Resource Length medium

Nginx is one of the best popular webservers today. Its popularity is due to the fact that it is very fast and easy to set up. Other side of this popularity - nginx is often being a target of malicious attacks. So, if your nginx is not limited by available resources, your server may totally "fall" when nginx spent all system resources. That's why you should control and limit resources Nginx consumed. By Vyacheslav Breus.

Tags servers web-development infosec performance
Raspberry Pi Zero headless quick start

Posted on October 26, 2023, Level intermediate Resource Length medium

This guide shows how to bring up a Raspberry Pi Zero, Zero W, or Zero 2 W without needing to attach a keyboard/mouse/monitor. For older Pi OS releases, basic settings can be configured by editing text files directly on the SD card using an editor on your main PC prior to first boot. For newer Pi OS releases, the rpi-imager tool can be used to both burn the OS image and configure settings. By Carter Nelson.

Tags cio software-architecture devops infosec
Comprehensive guide to Internet of Things data streaming from Raspberry Pi to Azure

Posted on October 25, 2023, Level intermediate Resource Length medium

What comes to mind when you hear "Raspberry Pi in the cloud"? A freshly baked pie floating away, forever out of reach? this blog post aims to paint a simpler picture, showing how easy it is to build your own IoT in the Cloud setup. As mentioned in the preface, this post is part of our ongoing IoT series, where we'll elevate our Raspberry Pi devices by streaming data into the Microsoft Azure Cloud. By Stepan GaponiukDr and Heiko Kromer.

Tags cloud azure iot infosec robotics
Security on the web

Posted on October 23, 2023, Level beginner Resource Length long

Websites contain several different types of information. Some of it is non-sensitive, for example the copy shown on the public pages. Some of it is sensitive, for example customer usernames, passwords, and banking information, or internal algorithms and private product information. By @mozilla.

Tags servers web-development infosec app-development browsers

Tag: Infosec

Implement security breach prevention and recovery infrastructure

Tags devops azure ssl app-development infosec teams servers

Apache web server hardening and security guide

Tags apache web-development cloud software-architecture infosec

DevOps security: Definition, best practices

Tags devops infosec cloud software-architecture learning

Using containerisation

Tags devops web-development app-development containers infosec kubernetes

Secure GraphQL endpoints in Spring reactive applications

Tags apis infosec java restful web-development app-development

Using JWTs to authenticate services unravels API gateways

Tags apis infosec java web-development app-development

TLS vs SSL: What's the difference? Which one should you use?

Tags miscellaneous infosec browsers web-development ssl

Privacy vs. security: Exploring the differences & relationship

Tags miscellaneous infosec browsers web-development cio

Nginx security. Control resources and limits.

Tags servers web-development infosec performance

Raspberry Pi Zero headless quick start

Tags cio software-architecture devops infosec

Comprehensive guide to Internet of Things data streaming from Raspberry Pi to Azure

Tags cloud azure iot infosec robotics

Security on the web

Tags servers web-development infosec app-development browsers