YaniinInfoSec Write-upsSecuring Private APIs in API Gateway Using VPC EndpointsA VPC (Virtual Private Cloud) endpoint is a private connection between your VPC and another AWS (Amazon Web Services) service, such as S3…9 min read·Jun 27, 2023--1--1
YaniinInfoSec Write-upsSeamless Cross-Account, Cross-Region Replication of Encrypted Objects in AWS S3: Simplified Data…In today’s digital landscape, data protection is paramount for organizations handling sensitive information. Amazon Simple Storage Service…11 min read·Jun 5, 2023--1--1
YaniinInfoSec Write-upsEnhancing API Gateway Security: Integrating AWS Cognito User Pools with Authorization Code GrantAmazon Cognito is a fully managed service provided by Amazon Web Services (AWS) that simplifies the authentication, authorization, and user…9 min read·May 27, 2023--1--1
YaniinInfoSec Write-upsThe Bind, Escalate and Impersonate Verbs For Privilege Escalation In The Kubernetes ClusterKubernetes role binding plays a critical role in controlling access to resources within a Kubernetes cluster, it grants the permissions…10 min read·May 12, 2023----
YaniinInfoSec Write-upsSingle Sign-On: OAUTH vs OIDC vs SAML — Part 2Welcome to Part 2 of our series on Single Sign-On (SSO) technologies. In the previous blog post, we went through SSO, OAuth, and OpenID…8 min read·Mar 26, 2023----
YaniinInfoSec Write-upsSingle Sign-On: OAuth vs OIDC vs SAML— Part 1User authentication is a critical component of online services and applications, enabling users to access secure resources while protecting…11 min read·Mar 25, 2023--1--1
YaniinInfoSec Write-upsEnforce Zero Trust With East‑West Traffic Encryption in Kubernetes with Istio — Part 2In part 1, we have gone over concepts of East-West traffic encryption with Istio in Kubernetes. In this section, we will set up Istio…8 min read·Feb 2, 2023----
YaniinInfoSec Write-upsEnforce Zero Trust With East‑West Traffic Encryption in Kubernetes with Istio — Part 1A typical enterprise’s infrastructure has grown increasingly complex, especially when they move from traditional monolithic software…6 min read·Jan 28, 2023----
YaniJNDI Injection Series: RMI Vector — The Final Piece of The PuzzleIn the previous three blogs (JNDI Injection Series: RMI Vector — Fundamentals, JNDI Injection Series: RMI Vector — Dynamic Class Loading…8 min read·Jan 11, 2023----
YaniinInfoSec Write-upsJNDI Injection Series: RMI Vector - Insecure DeserializationInsecure Deserialization in Java6 min read·Jan 7, 2023----