So you want your developers to build secure applications during SDLC and not as an afterthought after being dinged by Security reviewers. You got this idea of highlighting security controls via reference architectures that can be easily consumed by developers early on in the SDLC life cycle.
But you are concerned! Would this reference architecture be another “lengthy”, “preachy” document with languages like “Thou shall do this, thou shall not do this…” and not really something that can be easily adopted by developers? If you develop a visual reference architecture infographic and give it to your developers, it will still…
Unless you have been hiding in a cave or not even remotely security-minded, you would have heard the news about the Capital One hack. It was possibly a Server-side Request Forgery (SSRF) attack on AWS hosted application server orchestrated by an ex-Amazon employee — Paige Thompson.
SSRF is an application attack whereby a hacker can abuse functionality on an application server to read or update internal resources. …
In the security world, you might have heard of the exploit used by hackers to reveal passwords from their hashed counterparts. We call this technique password cracking or in practicality ‘password guessing’. Even with the complexity of password controls put in by organizations today, this threat is very much real. This tutorial is intended for any individual with a mindset of security who wants to learn more about how hackers are able to crack Windows stored user passwords.
Hashing is a software process of generating fixed character length hash values for a text file. This is a one-way function meaning…
Hello multi-clouders! I recently started working on a Microsoft Azure engagement and wanted to get a quick introduction to Azure service landscape. So I started mapping Azure services to the two public cloud platforms I am most familiar with— AWS and Google Cloud.
I have initially started with the key cloud computing areas — Compute, Storage, Database, Networking, DevOps, Governance and Security. Hopefully in the future updates, I can incorporate other areas — IoT, Big Data, Machine Learning and Analytics. But for now, I want to provide you all the baby steps I have taken towards mapping cloud services across the three Public cloud platforms.
Providing screenshots of the excel since Medium does not have a good table structure, but if you like the content, feel free to use the Airtable link below to download the CSV.
Cloud migration can be a nerve-wracking experience for organizations looking to move their on-premise resources to the Cloud. In this article I will talk about some of the most important Networking things to keep in mind before you start developing your own strategy for cloud migration (specifically targeted towards AWS and GCP). This is a two part series with the first part focusing on Cloud Connectivity and the latter geared towards Networking in the Cloud.
Organizations today have multiple use cases for choosing cloud over their own infrastructure. Some examples are:
Researching on RESTful APIs, I found the use case of AWS services to build Serverless websites very appealing. This can help small to mid-size organizations to reduce their operational overhead while delivering highly scalable and reliable services to customers. In this blog post, I will document steps to develop such a serverless website in AWS.
We will be using the unique public url for AWS S3 bucket as our web front-end. The S3 bucket would be simply used to host static content for the website like HTML files, image files, CSS files, etc.
Cloud Security Architect