Delicious Dogfood: Cloud Native WordPress
Take Wordpress. Modernise it. Make it cloud-native. Add tidb cloud-native database. Add stateless storage.
Simplify Security: Split Identity and Authorisation with Zero Trust
Zero Trust. The key principle is, we split identity and authorisation apart. We move from a perimeter-based trust (e.g. VPN + firewall) to a user + asset-based model.
Web Application Security 101: Get the basics right
Do what I say. The central tennet of security. In web application security, this translates to a set of headers. Learn how to use Content Security Policy, XSS, CORS, etc.
Don’t let the browser pass you by: keep your server up to date
Browsers update faster than servers, being consumer technology. TLS 1.0 and 1.1 are dead, update your servers.
USE OF POSTMAN WITH OPENID CONNECT PKCE AND API
Many API’s, Agilicus’ included, use OpenAPI to specify how they function. Authentication of these is usually left out of scope, but, provided as a bearer token. This means that if you write a web application, you want to directly use the RESTful API’s, and you do so by first authenticating via OpenID Connect PKCE flow and remembering the access token.
Zero Trust: Connecting The Digitally Disconnected
Digitally Disconnected. The 2nd class citizens of the 21st Century. Unable to access data due to identity or VPN. NO MORE! Zero Trust.
Ding Dong: The VPN is dead. Split Identity and Authorisation to Simplify Security
A philosophy that allows you to reduce cost, increase security, and increase user engagement and satisfaction. All 3 at once. Sounds crazy?
Finding your Google ID and reclaiming your Gitlab account
OpenID Connect, a powerful single-sign-on with strong security, and locking the user to the upstream ID means if their name changes you are insulated.
Email Strict Transport Security: Our First Report
Email Strict-Transport-Security. Complex to setup, but provides encryption on the transportation of your email like HTTP Strict Transport.
Zero Trust Architecture: Published by NIST
Zero-Trust. Make your team more efficient, increase your security, reduce your cost? What’s not to love. The line for the bandwagon starts over there.
Brand Indicator Achievement unlocked: BIMI and you
BIMI is a new standard for logo protecting your brand email from identity theft. Implement with DNS and DMARC today.
Static Application Scanning Angular: Resolving lodash npm audit
Static Application Scanning with Angular can sometimes block release with no solution. Learn about better-npm-audit.
Trust You? I Just Met You! How Trust-On-First-Use Can Increase Your Security
Trust-On-First-Use for enrolling multi-factor authentication.can improve your security for lower cost.
Sounds like a win to me!
Cross-Origin-Request-Sharing and You
CORS. The method by which we secure web applications that are de-monolithed to directly use API’s
CORS’ing the complexity: idempotent and caching meets Vary: Origin for CORS
Cross-Origin-Request-Sharing (CORS) is challenging to implement. Learn how to make it work with multiple applications in the same browser.
The False Choice of Risk Versus Reach
Risk versus Reach. A false choice. We should not materially compromise security to reach more users.
Secure the Cookie!
The humble cookie. So controversial. So complex to secure. If your web app must have them, you must secure them.
The browser was the accomplice
You and your browser run inside a nice safe firewall. A firewall which doesn’t do what you think. Explore how the browser is the accomplice to the crime.
Zero Trust and the NTT Hack
NTT Comm discloses a breach. Firewalls lead to false assurances, allowing wide open internal access.
Fixing the case of the Implicit Flow modification
Meet Hank. Hank is a web application with a dark secret. It trusts you the user to not change things in the browser. Bad Hank. Learn how to fix it!
Why should I use Content-Security-Policy?
The Content-Security-Policy headers exists to protect the users of your web site from the content they themselves might create.
The Web Application Firewall and You: Who Should Use, and When.
Should I use a Web Application Firewall? What is it ? What benefit will it give me? When would I use it? Read on to learn!
Fixing the case of the un-sanitised input web app
Web applications may not be inherently secure. But we want them Internet available anyway. How can we reconcile these two? Let’s see!.
Agilicus Story: Cloud Native Computing Foundation Stories
Agilicus presents its architecture, philosophy, strategy at CNCF Eastern Canada Stories Meetup
DEFENSE IN DEPTH: CLOUD NATIVE DAY 2019 TALK
We often think in Boolean terms: Outside Bad, Inside Good
Instead, assume each layer will be breached
How phishing negates your firewall
Your corporate firewall. That invulnerable bastion that lets you fearlessly run less-than-secure internal tools like a CRM, a Finance portal. But, is it really invulnerable? Or is it a paper wall at best? We look at how Cross-Site-Scripting vulnerabilities, known session ID cookies or access tokens can allow content from the world to pierce it as if it were not there. We do this using the weakest link: you.
Logging real remote address with Nginx and Lua
For audit, security, tracing, we want the origin IP logged. Load-balancers can mask this. Learn how to log the true client IP from nginx with lua, when that nginx is behind a load-balancer (reverse proxy)
Why your VPN is slow: the case of the work-at-home streaming
VPN slow? It might be your friends using YouTube and Spotify. Ration bandwidth? Split Horizon? We recommend door #3: Zero Trust, Internet Exposed, Direct.
Zero-Trust Makes Working From Home Secure And Reliable, Unlike VPN
A sudden influx of remote workers is stressing the VPN. That stateful device struggles. Consider a future switch to Zero-Trust, secure remote access with it.