Using Curl With SPNEGO
CloudsStormsSunsetsSunrises / Karsun Designs Recently, I had to setup a SPNEGO example to demonstrate a Kerberos identity integration. The details[…]
Read moreLatest Posts
SOFTWARE SUPPLY CHAIN SECURITY: CI/CD/CT PIPELINES AND SECURITY TOOLS: PART 2
This is part two of a two part blog post on Software Supply Chain Security. If you haven’t read Part[…]
Read moreSOFTWARE SUPPLY CHAIN SECURITY: CI/CD/CT PIPELINES AND SECURITY TOOLS: PART 1
Introduction The DevOps movement of the last decade more-or-less led to the DevSecOps movement of this decade. This focus on[…]
Read morePractical Business Continuity
For the small business owner, should the power going out mean you can’t make money? Should the computer system going[…]
Read moreStatic Credentials Must Not Be Used In The Browser
Authentication is described in this post. Modern business web applications tend to be a collage of service calls to numerous[…]
Read moreDatastore Security Requirements
This post will introduce a generic set of database / datastore security requirements that be used as a starting point[…]
Read moreApplication Front-Ends Must Not Make Authorization Decisions
First, let’s get the usual introductions out of the way. For an in-depth discussion of what Authorization is, check out[…]
Read moreAPI Gateways and Multiple Consumer Types
Front / Mark Wilson Sometimes at client sites, I see a separation of APIs advertised on an API Gateway based[…]
Read moreRFC 9068: A JWT-Based OAuth2 Access Token Format Standard
Tokens / SHYCITYNikon For anyone who has been paying attention, this blog post has been a long-time coming for multiple[…]
Read moreMaking Authorization Decisions
backwater / Adedotun Ajibade This blog post continues our discussion of Authorization in the API space. It will explore common[…]
Read more