Tag: Infosec
-
Exploring the JWT attacks landscape
Posted on October 22, 2022, Level intermediate Resource Length medium
Due to the popularity of JWTs, JWT attacks are among the vulnerabilities most exploited by attackers. Each JWT contains base64 encoded JSON objects. By Aamir Ahmed.
Tags infosec devops web-development app-development
-
What is a Web3 browser and how does it work?
Posted on October 20, 2022, Level beginner Resource Length medium
Web3 browsers like Brave allow users to access DApps, integrate cryptocurrencies and surf over the decentralized web with greater privacy and security. The phrase "Web3" is used to characterize multiple evolutions of web interaction and usage along various paths, including creating a geospatial web, utilizing artificial intelligence tools and making content available through numerous non-browser apps or Web3 browsers. By Onkar Singh.
Tags browsers miscellaneous crypto infosec
-
What are 4 golden signals for monitoring Kubernetes?
Posted on October 19, 2022, Level intermediate Resource Length medium
Golden Signals are the meaningful data insights that we use for monitoring and observability of a system. They are the signals vs. noise that can help guide us towards what's affecting the health of the environment. By Roland Wolters.
Tags devops kubernetes infosec app-development
-
Bridging security gaps in WFH and hybrid setups
Posted on October 16, 2022, Level beginner Resource Length short
Hybrid and work-from-home (WFH) arrangements take employees from the safety of the more secure and monitored environment of the office. These arrangements blur the division between enterprise and home networks while subsequently expanding the attack surface for both environments. How can these security gaps be bridged? By trendmicro.com.
Tags infosec cio app-development teams
-
Cryptocurrency tech is vulnerable to tampering, DARPA analysis finds
Posted on October 8, 2022, Level beginner Resource Length medium
Whether prices are up or down, for many investors in cryptocurrency, the real appeal is that there's nobody in charge. But a new report finds that the decentralized system might not be working as well as many crypto enthusiasts assume.
Tags miscellaneous crypto fintech blockchain infosec cio
-
Implement DevSecOps to secure your CI/CD pipeline
Posted on October 5, 2022, Level intermediate Resource Length medium
Before understanding DevSecOps, let's understand what DevOps is. DevOps is the combination of cultural philosophies, practices, and tools that increase an organization's ability to deliver applications and services at high velocity. In fast-moving projects, security often lags behind and is given low priority, which may lead to buggy code and hacks. Let's see how we can reduce the risk of attack by integrating security in our DevOps pipeline. By Alok Maurya.
Tags cicd devops app-development infosec cio web-development
-
Different token types and formats explained
Posted on October 3, 2022, Level beginner Resource Length medium
When building security solutions using OAuth and OpenID Connect (OIDC), we frequently discuss tokens. Sometimes these systems are even referred to as token-based architectures. By Jonas Iggbom.
Tags app-development web-development infosec open-source
-
Introducing workerd: Open source workers runtime
Posted on September 28, 2022, Level intermediate Resource Length medium
Introduction to workerd, the JavaScript/Wasm runtime based on the same code that powers Cloudflare Workers. workerd is Open Source under the Apache License version 2.0. workerd shares most of its code with the runtime that powers Cloudflare Workers, but with some changes designed to make it more portable to other environments. By Kenton Varda.
Tags serverless devops software-architecture apis cloud infosec
-
Implement step-up authentication with Amazon Cognito
Posted on September 25, 2022, Level intermediate Resource Length medium
In this blog post, you'll learn how to protect privileged business transactions that are exposed as APIs by using multi-factor authentication (MFA) or security challenges. These challenges have two components: what you know (such as passwords), and what you have (such as a one-time password token). By using these multi-factor security controls, you can implement step-up authentication to obtain a higher level of security when you perform critical transactions. By Salman Moghal, Mahmoud Matouk, and Ozair Sheikh.
Tags aws devops infosec app-development
-
Key points from the IBM Cost of a Data Breach Report 2022
Posted on September 10, 2022, Level beginner Resource Length short
The volume and impact of data breaches have accelerated largely in 2022, which has contributed to many adverse effects for businesses. The report highlights several updated factors that have generated great costs across 17 countries and regions, and 17 industries. The report has included new related areas of analysis as well. By tripwire.com.
Tags ibm cloud cio management infosec miscellaneous
-
Secure Spring Boot REST API with Apache APISIX API Gateway
Posted on August 21, 2022, Level intermediate Resource Length long
In this walkthrough, we are going to look at some of the Apache APISIX API Gateway built-in plugins for securing your Spring Boot REST APIs and demonstrate how to effectively use them. By Bobur Umurzokov.
Tags infosec app-development web-development frontend
-
What is confidential computing?
Posted on August 19, 2022, Level beginner Resource Length medium
With the boom in cloud computing, new types of security threats have emerged. Confidential computing is a solution to the added IT security issues of working with the cloud. By Daniele Buono, James Bottomley, Hubertus Franke, Robert Senger.
Tags app-development infosec cloud ibm big-data