Security

Security

Trusting your ingredients - What's in your function anyway?

Whether you're building apps or baking cheesecake, trusting the ingredients you work with and making sure you have a transparent process to get them into your final product is one of the most important things.

Continue Reading
Security

JWT Authorization in Golang

Authorization decides whether a particular user/service is allowed access to a particular route, service or resource. This is where JWT comes into the picture. It has a small overhead and it works across different domains. JWT Concepts JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. It’s one of the most popular ways of authentication. It’s an encoded string that can contain any amount of data and it is cryptographically signed (by the server side).

Continue Reading
Security

AWS Secrets Manager vs HashiCorp Vault

News about data breaches, leaked customer information and stolen passwords for critical infrastructure are becoming very common. Many of these incidents seem to be related to mismanagement of credentials, unencrypted passwords, secrets being pushed to git repositories or secrets being hard coded within the application, leaving no room for rotation. This has led to increasing demand for Secrets Management tools like AWS Secrets Manager, HashiCorp Vault, Confidant and others. In this blog, we will look at

Continue Reading
Security

What did your developer violate today?

With more and more applications using public cloud (AWS/Azure/GCP) and the ever changing number of features services that are available on these hyperscalers, how do you maintain a stable process of deploying and managing resources and applications in the public cloud? We know that most enterprise companies have a shift in organizational boundaries to start and “Grapple” with this shift. That shift is a segmenting of their IT organization into two distinct parts Traditional IT - tasked with managing “on-prem” data centers and usually requires the individual in this organization to have a balance between HW and SW knowledge and skills.

Continue Reading