2019 Security Wish List In Review
A review of 2019 security predictions, covering progress on Rust adoption, WebAuthn security keys, and TLS 1.3 deployment.
A guide to using Docker Content Trust (DCT) to digitally sign Docker images, ensuring integrity and publisher authenticity.
A technical guide on using ksqlDB and Kafka Connect to ingest and analyze Syslog data for detecting SSH attacks.
A guide to configuring essential HTTP response headers like Content-Security-Policy and Cache-Control for improved security and performance on static sites hosted on Netlify.
A tutorial on setting up two-factor authentication for SSH and PGP keys using the Krypton tool, storing keys on a mobile device.
Explores the challenge of building safety-critical software for high-risk users like activists, contrasting it with mainstream security needs.
A technical comparison of built-in security features and secure coding practices in React and Angular frameworks.
A guide to using SSH efficiently from the terminal, covering key generation, SSH agent setup, and best practices for secure remote access.
A speaker discusses using Azure Managed Identities to securely access services without managing keys, including a demo app for file sharing.
Azure AD now blocks cross-tenant token attacks by preventing apps from getting tokens for tenants where they have no service principal.
Explains the history and mechanics of Linux capabilities, a security model for granular process privileges, and their interaction with containers.
Essential npm security best practices to protect against malicious packages, including ignoring run-scripts and vetting third-party modules.
Explores SQL Server 2019's new 'Feature Restrictions' security feature, designed to help prevent SQL injection attacks.
Explains the process and importance of rotating signing keys in IdentityServer for security, detailing the use of AddSigningCredential and AddValidationKey.
Explains security risks and best practices for managing user permissions in Django's admin interface to prevent data leaks.
A guide to implementing policy-based authorization in Blazor applications, covering setup, advantages over role-based auth, and custom requirements.
Explains why embedding secrets like API keys in native apps is a critical security flaw, with a practical demonstration.
Explains best practices for building secure multi-tenant Azure AD applications that restrict login to a specific set of known tenants.
Learn how to prevent secrets like SSH keys and API tokens from being leaked into your final Docker images using multi-stage builds and secrets management.
Explains the security risks of proprietary firmware in deep system privilege levels (Rings -2 & -3) and advocates for open source alternatives.