Tag: Infosec
-
Angular security -- Authentication with JSON Web Tokens (JWT), complete guide
Posted on May 26, 2018, Level intermediate Resource Length long
Angular University brings you this step-by-step guide to both designing and implementing JWT-based authentication in an Angular application. The goal here is to discuss JWT-based authentication design and implementation in general.
Tags nodejs javascript angular infosec apis
-
Fact vs. fiction: 6 myths about container security
Posted on May 21, 2018, Level beginner Resource Length medium
David Lawrence wrote this article to help you quell these myths so you can find default security and secure coding at the heart of well-architected containers. The article looks specifically at the myths surrounding container security, and at the opportunities container technology presents to integrate security at each stage of the application lifecycle that would otherwise be hard to achieve.
Tags programming containers infosec devops
-
How to securely store API keys
Posted on March 7, 2018, Level intermediate Resource Length long
A detailed blog post by Bruno Pedro focusing on secure storage of your API keys in the cloud. Many people store sensitive information in private git repositories. If you do this, please think twice about it.
Tags infosec apis restful
-
Why cryptography is much harder than software engineers think
Posted on February 11, 2018, Level advanced Resource Length medium
Andrew Mayo, senior system architect at 1E, wrote this intriguing article about the ROCA vulnerability and how it raises some important issues about the design of secure cryptographic software. In this case the vulnerability is not an obvious coding error such as a buffer overflow, or the use of a poor-quality random number generator.
Tags programming infosec devops
-
Introducing Twirp RPC framework for Golang
Posted on January 19, 2018, Level beginner Resource Length medium
Spencer Nelson published an article in which he introduced an RPC framework they use for communication between backend servers written in Golang. It's called Twirp, and it's available now under an Apache 2 open source license.
Tags apis web-development infosec
-
How to install Centmin Mod with Let's Encrypt and CloudFlare
Posted on December 11, 2017, Level intermediate Resource Length long
Mike Tabor posted a tutorial on how to install a LAMP server via Centmin Mod and take advantage of free SSL certificates with Let's Encrypt while also leveraging free DNS from CloudFlare.
Tags devops infosec ansible
-
3 common cybersecurity maturity failings
Posted on December 5, 2017, Level beginner Resource Length short
Oliver Rochford published a short article on cybersecurity maturity and its failings. The article touches on some interesting points, especially on how vendors, investors and the media rely on flawed statistics, surveys and a fair dose of wishful thinking in assessing the security maturity of the average enterprise, projecting market growth and product viability.
Tags cloud infosec devops
-
Advanced kubernetes ingress
Posted on October 29, 2017, Level intermediate Resource Length medium
Björn Wenzel's detailed write-up on how to set up a more complex Kubernetes ingress example. This blog post builds on his previous post, Install kubernetes ingress. The application in this example has an api-server and a separate ui server.
Tags kubernetes containers devops software-architecture infosec
-
Privacy and trustworthiness for web notifications
Posted on October 25, 2017, Level beginner Resource Length short
A nice short article / announcement from the Internet Engineering Task Force (IETF) about privacy of web notifications. HTTPS (HTTP over TLS) is possibly the most widely used security protocol in existence. HTTPS is a two-party protocol; it involves a single client and a single server. This aspect of the protocol limits the ways in which it can be used.
Tags programming web-development infosec
-
Automating LetsEncrypt Certificates With Ansible for AWS Instances
Posted on August 12, 2017, Level intermediate Resource Length medium
A tutorial by Alagesan Palani explaining how to make your AWS instance safer by automatically, and conveniently, generating LetsEncrypt certificates.
Tags ansible aws infosec
-
7 Best Practices for JSON Web Tokens
Posted on May 28, 2017, Level intermediate Resource Length medium
Neil Madden has written about best practices for JSON Web Tokens (JWTs, pronounced "jots").
Tags json infosec web-development
-
Managing Shared Secrets
Posted on May 15, 2017, Level beginner Resource Length long
An article by Jakob Holderbaum about managing shared secrets when working on a shared codebase.
Tags infosec programming