SOFTWARE SUPPLY CHAIN SECURITY: CI/CD/CT PIPELINES AND SECURITY TOOLS — PART 2
This is part two of a two-part blog post on Software Supply Chain Security. If you haven't read Part 1 yet, starting there is recommended.
Sep 29

SOFTWARE SUPPLY CHAIN SECURITY: CI/CD/CT PIPELINES AND SECURITY TOOLS — PART 1
Introduction
Sep 29

Practical Business Continuity For The Small Organization
For the small business owner, should the power going out mean you can't make money? Should the computer system going down for 20 minutes…
Sep 4, 2024

Static Credentials Must Not Be Used In The Browser
Authentication is described in this post.
Aug 10, 2024
Datastore Security Requirements
This post will introduce a generic set of database / datastore security requirements that can be used as a starting point when developing a…
Aug 10, 2024
Application Front-Ends Must Not Make Authorization Decisions
First, let's get the usual introductions out of the way. For an in-depth discussion of what Authorization is, check out this post. For a…
Aug 6, 2024

API Gateways and Multiple Consumer Types
Sometimes at client sites, I see a separation of APIs advertised on an API Gateway based upon consumer type. Sometimes, this is…
May 24, 2024

RFC 9068: A JWT-Based OAuth2 Access Token Format
For anyone who has been paying attention, this blog post has been a long time coming for multiple reasons. First, this is my first blog…
May 24, 2024