Application Security, iOS, Mobility

Prevent MITM Attack by SSL Public Key Pinning : Part – 2

In this blog, we are going to learn about public key pinning and how we can achieve it with URLSession. Before that, let’s briefly discuss SSL certificate pinning. SSL pinning is a security technique used in mobile and web applications to ensure that the client only communicates with servers via a specific SSL certificate or public key, […]

April 10, 2024

Application Security, Cloud, DevOps

Trivy: A Comprehensive Security Scanner

Introduction CIS is a renowned nonprofit organization that offers recommendations for security best practices; offerings include a bunch of guidelines for configuring & securing K8s clusters. Trivy is a comprehensive container security auditing tool that brings the power of CIS (Center for Internet Security) compliance auditing to K8s clusters. Reason to Adopt Trivy? Trivy is […]

April 1, 2024

Application Security, Cloud, DevOps

AWS WAF – Web Application Firewall

Introduction AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits by monitoring and filtering the HTTP and HTTPS requests that reach your application. It allows you to create rules to block, allow, or monitor (count) web requests based on conditions that you define. AWS WAF […]

March 16, 2024

Application Security, MEAN, Node.js

Implementing Role based Access Control in NestJS

NestJS is a progressive Node.js framework for building efficient, reliable, and scalable server-side applications. A prerequisite for this article is a basic understanding of NestJS. If you have worked on Node.js web applications and want to implement applications using object-based programming, such as Java, NestJS is good to go. The learning curve is also not […]

March 11, 2024

Application Security, Manual Testing, Technology

The Crucial Role of Security Testing in Contemporary Software Development

In the present era of hyper-connected digital environments, where technology continuously evolves, security testing has emerged as an indispensable element of software development. With individuals and businesses increasingly relying on software applications for various purposes, the imperative to shield sensitive data and systems from potential threats has never been more pronounced. Additionally, Application Programming Interfaces […]

September 28, 2023

Application Security, Java, Technology

Demystifying Single Sign-On (SSO): A Comprehensive Introduction

In today’s digital age, where individuals and organizations rely heavily on multiple online services and applications, managing login credentials can become quite a headache. Remembering multiple usernames and passwords for various platforms can be both cumbersome and inefficient. Fortunately, Single Sign-On (SSO) offers a practical solution to this challenge. In this blog post, we will […]

September 25, 2023

Application Security, iOS, Mobility

Prevent MITM Attack by SSL Pinning (URLSession)

What is an MITM Attack? An MITM is a form of cyber attack where a malicious individual manipulates two users to access data that the two parties are trying to deliver to each other. A malicious hacker, without being recognized, hacks the intended data that is meant to be sent to a particular person. In certain […]

September 13, 2023

Application Security, DevOps, Software development

HTTP vs HTTPS, and How HTTPS is more secure?

HTTP and HTTPS are both protocols used to transfer data over the internet, but they differ in the way they secure data and ensure its integrity. HTTP This stands for “Hypertext Transfer Protocol” and is the protocol used to transfer data between a web server and a web browser. When you visit a website that […]

August 23, 2023

Application Security, AWS, Cloud

Creating Production Grade Microservices Architecture on AWS EKS

Introduction The main goal of this blog is to provide production-grade best practices for Microservices Infra in a way to implement the entire system easily on your own. You’ll see what an end-to-end solution looks like, including how to combine Kubernetes, AWS VPCs, data stores, CI/CD, secrets management, and a whole lot more to deploy […]

August 1, 2023