
Deploying OPA Gatekeeper and defining constraints

In this post we will deploy Gatekeeper to a Kubernetes cluster. We will then define constraints and ensure that Gatekeeper enforces those constraints.

January 7, 2022 · (updated January 8, 2024) · 8 min · Pradeep Loganathan

Threat Modeling

Threat modeling is an effective tool used to understand the threat landscape within an enterprise network. Threat modeling is a security practice for the team to identify threats, attacks, and risks based on the existing architecture design, and to mitigate these potential security risks. It is the process of looking at all the significant and likely potential threats to a scoped scenario, ranking their potential damage in a given time period, and figuring cost‐effective mitigations to defeat the highest‐priority threats....

August 21, 2019 · (updated January 16, 2022) · 6 min · Pradeep Loganathan

JWT - Angular Interceptor

JSON Web Token (JWT) is an industry standard for security tokens used to securely transmit information between client and server as JSON objects. It provides a solution to the problem of passing claims between parties. In this post we will create an Angular interceptor to introspect JWT tokens.

May 19, 2018 · (updated December 5, 2023) · 4 min · Pradeep Loganathan

OpenID Connect

OpenID Connect is a simple identity layer built on top of the OAuth 2.0 protocol. OpenID Connect is all about authentication while OAuth is an authorization protocol. In OAuth, authorization is delegated while in OpenID Connect, authentication is delegated. OpenID Connect allows clients to verify end users based on the authentication performed by an auth server. It is also used to obtain basic profile information about the end user in a standards-based, interoperable and REST-like manner....

May 3, 2018 · (updated January 16, 2022) · 3 min · Pradeep Loganathan

JWT - Creating a token server

JSON Web Token (JWT) is an industry standard for security tokens used to securely transmit information between client and server as JSON objects. It provides a solution to the problem of passing claims between parties. In this post we will be implementing a JWT token server which will serve tokens to users with the appropriate credentials.

April 21, 2018 · (updated December 5, 2023) · 4 min · Pradeep Loganathan

What is a JSON Web Token (JWT)?

JSON Web Token (JWT) is an industry standard for security tokens used to securely transmit information between client and server as JSON objects. It provides a solution to the problem of passing claims between parties.

April 21, 2018 · (updated December 5, 2023) · 5 min · Pradeep Loganathan

OAuth 2.0 - Tokens, Client types, Endpoints and Scope

There are two types of tokens in OAuth 2.0, the access token, and the refresh token. Access token: The access token represents the authorization of a specific application to access specific parts of a user’s data. Access tokens must be kept confidential in transit and in storage. The only parties that should ever see the access token are the application itself, the authorization server, and resource server. The access token can only be used over an HTTPS connection, since passing it over a non-encrypted channel would make it trivial for third parties to intercept....

July 13, 2017 · (updated January 16, 2022) · 5 min · Pradeep Loganathan

OAuth2

OAuth2 is an open authorization standard designed to provide an authentication and authorization protocol for the web. OAuth 2 was created with the intention of providing a way to grant limited access to protected content hosted by third-party services in a standardized and open manner.

March 11, 2017 · (updated December 5, 2023) · 4 min · Pradeep Loganathan