The Agilicus Philosophy: Continuous Learn. Do. Teach.
The Agilicus Philosophy: The world we work in changes. Our requirements change. By continuously learning and adapting, we survive and thrive.
Blog
My team works outside, why can’t their Kronos Timesheet?
Access your on-premise Kronos from any user, from any device, from any network. Increased security, increased simplicity. Zero Trust Networking.
Stupid Simple Security Trick: Add a DNS CAA Record
Want to improve your security for zero cost before you leave for the day? Add a DNS CAA Record. Watch the video to learn more!
You want me to sign in with what now?
“Sign in with…”. What does it mean? Why should I use it? What am I giving up? There must be a catch, right?
The Firewall Emperor Has No Clothes
The Firewall Emperor, long the king of security, has no clothes. Micro segmentation is just more firewalls. You want Zero Trust Network Access.
The JWT Bearer Token: You On The Wire
A bearer token is a cryptographic representation of who (you) and what (authorisation) that is used on a per-transaction basis. Learn and Use!
Dockerhub and pull limits: cache some insurance
Concerned about the new dockerhub rate limits? Run Kubernetes? Run CI? Deploy a pull-through cache simply to reduce the risk and impact.
Software Supply Chain Redux: npmjs shells your hosts
The software supply chain might be the biggest cyber threat out there. Easily accessible open-source, developers under pressure to deliver, complex dependencies. Trouble ensues in npm ecosystem.
Identity, Authorisation, Access: Microsoft Dynamics
Single Sign On with Microsoft Dynamics. First decide what this means, to who it means what.
Then find a way to federate their natural, native identity providers together.
Take time to stop and sniff the mime type
Happy Eyeballs? Mime-Type-Sniffing? Security wins, don’t infer content type from file name.
The deep rabbit hole of email in cloud
Email. Port 25. Security. Spam. Its more complex than it used to be to be a good Internet citizen for email sending. Cloud edition.
Delicious Dogfood: Cloud Native WordPress
Take Wordpress. Modernise it. Make it cloud-native. Add tidb cloud-native database. Add stateless storage.
Simplify Security: Split Identity and Authorisation with Zero Trust
Zero Trust. The key principle is, we split identity and authorisation apart. We move from a perimeter-based trust (e.g. VPN + firewall) to a user + asset-based model.
Web Application Security 101: Get the basics right
Do what I say. The central tennet of security. In web application security, this translates to a set of headers. Learn how to use Content Security Policy, XSS, CORS, etc.
Don’t let the browser pass you by: keep your server up to date
Browsers update faster than servers, being consumer technology. TLS 1.0 and 1.1 are dead, update your servers.
USE OF POSTMAN WITH OPENID CONNECT PKCE AND API
Many API’s, Agilicus’ included, use OpenAPI to specify how they function. Authentication of these is usually left out of scope, but, provided as a bearer token. This means that if you write a web application, you want to directly use the RESTful API’s, and you do so by first authenticating via OpenID Connect PKCE flow and remembering the access token.
Zero Trust: Connecting The Digitally Disconnected
Digitally Disconnected. The 2nd class citizens of the 21st Century. Unable to access data due to identity or VPN. NO MORE! Zero Trust.
Ding Dong: The VPN is dead. Split Identity and Authorisation to Simplify Security
A philosophy that allows you to reduce cost, increase security, and increase user engagement and satisfaction. All 3 at once. Sounds crazy?
Finding your Google ID and reclaiming your Gitlab account
OpenID Connect, a powerful single-sign-on with strong security, and locking the user to the upstream ID means if their name changes you are insulated.
Email Strict Transport Security: Our First Report
Email Strict-Transport-Security. Complex to setup, but provides encryption on the transportation of your email like HTTP Strict Transport.
Zero Trust Architecture: Published by NIST
Zero-Trust. Make your team more efficient, increase your security, reduce your cost? What’s not to love. The line for the bandwagon starts over there.
Brand Indicator Achievement unlocked: BIMI and you
BIMI is a new standard for logo protecting your brand email from identity theft. Implement with DNS and DMARC today.
Static Application Scanning Angular: Resolving lodash npm audit
Static Application Scanning with Angular can sometimes block release with no solution. Learn about better-npm-audit.
Trust You? I Just Met You! How Trust-On-First-Use Can Increase Your Security
Trust-On-First-Use for enrolling multi-factor authentication.can improve your security for lower cost.
Sounds like a win to me!
Cross-Origin-Request-Sharing and You
CORS. The method by which we secure web applications that are de-monolithed to directly use API’s
CORS’ing the complexity: idempotent and caching meets Vary: Origin for CORS
Cross-Origin-Request-Sharing (CORS) is challenging to implement. Learn how to make it work with multiple applications in the same browser.
The False Choice of Risk Versus Reach
Risk versus Reach. A false choice. We should not materially compromise security to reach more users.
Secure the Cookie!
The humble cookie. So controversial. So complex to secure. If your web app must have them, you must secure them.
The browser was the accomplice
You and your browser run inside a nice safe firewall. A firewall which doesn’t do what you think. Explore how the browser is the accomplice to the crime.