Tag: Infosec

Two-factor authentication in Scala with Http4s

Posted on July 28, 2023, Level intermediate Resource Length short

This article is a continuation of the authentication methods t- here we will cover two more advanced authentication methods which include One Time Password (OTP) and Two Factor Authentication (2FA). By Daniel Ciocîrlan.

Tags java app-development how-to infosec jvm
Kali Linux tutorial for beginners: What is, how to install & use

Posted on July 23, 2023, Level intermediate Resource Length medium

Kali Linux is a security distribution of Linux derived from Debian and specifically designed for computer forensics and advanced penetration testing. It was developed through rewriting of BackTrack by Mati Aharoni and Devon Kearns of Offensive Security. By @guru99.com.

Tags linux devops cio infosec software
Protecting serverless applications with AWS WAF

Posted on June 20, 2023, Level beginner Resource Length medium

Since serverless is designed to scale to infinity, one of the questions we get asked very often is whether a DDoS attack on the serverless application can result in a hefty Cloud Bill. One way to prevent this is to have rate limiting on API Gateway in place so that the serverless application doesn't scale to unexpected levels and end up using all underlying resources. By Vishwasa Navada K.

Tags serverless cloud infosec aws
How to foster a security culture

Posted on June 15, 2023, Level beginner Resource Length medium

Government IT teams can help make information security a shared responsibility through education and preparedness exercises and by leveraging technology. By Joel Snyder.

Tags infosec cio teams management
How DevSecOps teams should approach API security

Posted on June 13, 2023, Level intermediate Resource Length medium

A recommended setup that addresses the unique concerns of developers, security and DevOps teams. It is common for these roles to lack a unified vision on how they approach API security. Therefore, in this post, I will provide a recommended API security setup that benefits all parties involved. By Gary Archer.

Tags apis cloud devops web-development infosec
How to keep docker secrets secure: Complete guide

Posted on May 29, 2023, Level intermediate Resource Length medium

Secret values such as API keys, passwords, and certificates need to be safely handled throughout the software development process and your app's runtime. Exposure of secrets can be catastrophic, as unauthorized actors could use the credentials to perform privileged interactions with your services. By James Walker.

Tags docker infosec cloud containers devops
Achieving unbrickable remote firmware updates on MCUs with a Microvisor architecture

Posted on May 16, 2023, Level intermediate Resource Length medium

For many years, microcontrollers have been a staple in various products, continuously revolutionizing their feature sets, reliability, and performance. Moore's Law has brought 16- and 32-bit processing to even the smallest and most affordable consumer products. The presence of larger memory and CPU power has allowed the use of real-time operating systems (RTOS) where previously developers had to rely on "bare metal" coding. However, as products have evolved to become connected devices in the context of IoT, it has revealed fundamental shortcomings in the traditional methods of software development for microcontrollers. By Jonathan Williams.

Tags big-data iot streaming robotics cloud infosec
How to enable HSTS for enhanced web security in Apache

Posted on May 13, 2023, Level intermediate Resource Length medium

HTTP Strict Transport Security (HSTS) is a web security policy mechanism that helps to protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should interact with it using only secure HTTPS connections, and never via the insecure HTTP protocol. This article will guide you on how to implement and optimize HSTS in Apache for improved web security. By Rahul.

Tags app-development infosec web-development apache ssl
From 'Likes' to 'Rewards': How web3 is disrupting traditional social media model

Posted on May 12, 2023, Level beginner Resource Length medium

Over the past decade, social media platforms have revolutionized social interactions for people looking to connect with friends, family, and like-minded individuals and communities. Since the dawn of MySpace and Facebook, social media has provided us with an unprecedented level of connectivity and has opened up a world of opportunities for businesses to connect with their customers. However, with the rise of Web3, traditional social media platforms are being forced to rethink their models in order to stay relevant in a rapidly evolving digital landscape. By chain.com.

Tags web-development infosec blockchain management miscellaneous cio
Dissecting Npm malware: Five packages and their evil install scripts

Posted on May 11, 2023, Level intermediate Resource Length medium

Packages published on npm can declare pre and post-install hooks, which are scripts that run, well, pre or post-install. That is to say, when the npm CLI installs a package, it also runs those scripts on your machine. By Gabi Dobocan.

Tags app-development infosec web-development nodejs javascript
How to add a Software Bill of Materials (SBOM) to your containers with GitHub Actions

Posted on May 9, 2023, Level intermediate Resource Length medium

Learn how to add a Software Bill of Materials (SBOM) to your containers with GitHub Actions in a few easy steps. An SBOM is an inventory of the components that make up a software application. It is a list of the components that make up a software application including the version of each component. The version is important because it can be cross-reference with a vulnerability database to determine if the component has any known vulnerabilities. By Alex Ellis.

Tags cicd containers docker infosec
How to use Ansible to create reports with Lynis, automate audits, and evaluate the security of your systems

Posted on April 29, 2023, Level intermediate Resource Length medium

From the server administrators of highly technological organizations, to product managers of financial institutions, down to the one-man startups that just want to secure their shopping cart, the same question pops up: "If TLS/SSL certificates all do the same thing, what type should we get?" By Digicert.

Tags ansible servers linux infosec

Tag: Infosec

Two-factor authentication in Scala with Http4s

Tags java app-development how-to infosec jvm

Kali Linux tutorial for beginners: What is, how to install & use

Tags linux devops cio infosec software

Protecting serverless applications with AWS WAF

Tags serverless cloud infosec aws

How to foster a security culture

Tags infosec cio teams management

How DevSecOps teams should approach API security

Tags apis cloud devops web-development infosec

How to keep docker secrets secure: Complete guide

Tags docker infosec cloud containers devops

Achieving unbrickable remote firmware updates on MCUs with a Microvisor architecture

Tags big-data iot streaming robotics cloud infosec

How to enable HSTS for enhanced web security in Apache

Tags app-development infosec web-development apache ssl

From 'Likes' to 'Rewards': How web3 is disrupting traditional social media model

Tags web-development infosec blockchain management miscellaneous cio

Dissecting Npm malware: Five packages and their evil install scripts

Tags app-development infosec web-development nodejs javascript

How to add a Software Bill of Materials (SBOM) to your containers with GitHub Actions

Tags cicd containers docker infosec

How to use Ansible to create reports with Lynis, automate audits, and evaluate the security of your systems

Tags ansible servers linux infosec