Category: Technology
-
An Overview of OAuth Grant Types and Flows
Written by
on
Introduction: OAuth is an industry-standard framework for delegated authorization. “Delegated” is the keyword here, because access is delegated and scoped to provide finer access control. In this post, I will explore the different OAuth grant types, also known as OAuth flows, used to obtain access tokens. The goal of these grant types is to facilitate secure…
-
Password-less Authentication
Introduction: Password-less authentication is the current industry trend to remove passwords from online login. In this post, I will be exploring some of the concepts around password-less authentication. A password is one of the factors used to identify yourself and prove you are authorised to log in to an application, but over the last 6-7 years passwords have proved susceptible to different…
-
Single Sign-On (SSO) terminologies
Introduction: In this post, we will look at the different terminologies in SSO. Single Sign-On means using the same credentials everywhere, whereas web SSO means logging in once in the browser and accessing multiple websites without authenticating again. When it comes to SSO there are multiple names thrown around, so let's look at them one by one: SAML, OIDC, OAuth, JWT, Federated…
-
Container Security: Part 1
Introduction: What is container security? Before I deep dive into container security, we need to understand what a container is, why we need to secure it, how it differs from traditional VM security and, finally, why we cannot use the same techniques to secure containers as we use for virtual machines. Okay –…
-
Secrets Management
Introduction: What is a secret? A secret can be anything that protects information from others by hiding it from humans and machines, e.g. PII (Personally Identifiable Information), transaction data, passwords, keys and so on. For the purpose of this article we are going to focus only on secrets that give access to other systems such…
-
API Security
What is an API? API is the acronym for application programming interface: a software intermediary that allows two applications to talk to each other. APIs are an accessible way to extract and share data within and across organisations (MuleSoft). Why does an API need to be secured? An API-first strategy is common and API is…
-
AWS IAM Roles Anywhere – Part 1
Introduction: AWS recently released IAM Roles Anywhere, a well-thought-out and recommended feature to use instead of long-term access keys for workloads. In short, AWS IAM Roles Anywhere is based on X.509 certificates, creating a trust between a PKI and IAM. Why do I have to use AWS IAM Roles Anywhere? Historically, on-premise workloads…
-