-
Guide to Cybersecurity Strategy
In this post, I have been discussing the steps I took to produce a cybersecurity strategy and the methods I have explored. With that in mind, it's important to note that there is no perfect cybersecurity strategy. The threat and technology landscapes continue to evolve at a rapid pace in this AI era. What…
-
An Overview of OAuth Grant Types and Flows
Introduction OAuth is an industry-standard framework for delegated authorization. “Delegated” is the keyword here because access is delegated and scoped to provide finer access control. In this post, I will explore different OAuth grant types, also known as OAuth flows, used to obtain access tokens. The goal of these grant types is to facilitate secure…
-
Cyber Security Incident Response
Introduction Cyber security incident response is a set of capabilities whose purpose is responding to computer security related problems. A cyber security incident response team (CIRT) / computer security incident response team (CSIRT) is a group of skilled professionals who assess cyber security events and provide guidance on or response to those events. Incident response is one of…
-
Password-less Authentication
Introduction Password-less authentication is the current industry trend of removing passwords from online logins. In this post, I will be exploring some of the concepts around password-less authentication. A password is one of the factors used to establish who you are and that you are authorised to log in to an application, but for the last 6-7 years passwords have been susceptible to different…
-
Single Sign-On (SSO) terminologies
Introduction In this post, we will look at different terminologies in SSO. Single Sign-On means using the same credentials everywhere, whereas web SSO means logging in once in the browser and accessing multiple websites without authenticating again. When it comes to SSO there are multiple names thrown around, so let's look at them one by one: SAML, OIDC, OAUTH, JWT, Federated…
-
Container Security: Part 2
This is the continuation of Container Security: Part 1. In this post we are going to discuss container runtime protection. Container runtime protection is a key security control because this is where the “rubber meets the road”. Containers will be serving critical workloads and processing sensitive data. Below are the areas we will be exploring in this…