Category: Technology

  • Password-less Authentication

    Introduction: Password-less authentication is the current industry trend to remove passwords from online logins. In this post, I will be exploring some of the concepts around password-less authentication. A password is one of the factors used to identify yourself and show that you are authorised to log in to an application, but over the last 6-7 years passwords have been susceptible to different […]

  • Single Sign-On (SSO) terminologies

    Introduction: In this post, we will look at different terminologies in SSO. Single Sign-On means using the same credentials everywhere, whereas web SSO means logging in once in the browser and accessing multiple websites without authenticating again. When it comes to SSO there are multiple names thrown around, so let's look at them one by one: SAML, OIDC, OAUTH, JWT, Federated […]

  • Container Security: Part 1

    Introduction: What is container security? Before I dive deep into explaining container security, we need to understand what a container is, why we need to secure it, how it's different from traditional VM security, and finally why we cannot use the same techniques to secure containers as we do for virtual machines. Okay – […]

  • Secrets Management

    Introduction: What is a secret? A secret can be anything used to protect information from others by hiding it from humans and machines, e.g. PII (Personally Identifiable Information), transaction data, passwords, keys and so on. For the purpose of this article we are going to focus only on secrets that give access to other systems such […]

  • API Security

    What is API? API is the acronym for application programming interface – a software intermediary that allows two applications to talk to each other. APIs are an accessible way to extract and share data within and across organisations – MuleSoft. Why does an API need to be secured? An API-first strategy is common and API is […]

  • AWS IAM Roles Anywhere – Part 1

    Introduction: AWS recently released IAM Roles Anywhere, a well-thought-out feature that is recommended instead of using long-term access keys for workloads. In short, AWS IAM Roles Anywhere is based on X.509 certs and works by creating trust between PKI and IAM. Why do I have to use AWS IAM Roles Anywhere? Historically on-premise workloads […]

  • Just-in-time (JIT) access to servers using Vault