Key Exchange

Please read my previous article on TLS to understand the key exchange step. Key exchange is a protocol, where keys are shared between two trusted parties over an untrusted network. The keys can then be used to perform other cryptographic operations like encryption, decryption, signing, etc. Key exchange is a fundamental construct used to secure… Continue reading Key Exchange

Part 1: Consuming secrets from an Azure Kubernetes Service (AKS) container – Linux

Overview When a Kubernetes cluster is set up in an AKS environment, you can associate that with an AAD service principal or an MSI (Managed Service Identity). Usually, you would use this identity to access "cluster-specific" resources, e.g. Container Registry, Key vault storing cluster secrets, Storage accounts with additional artifacts, etc. But suppose you are… Continue reading Part 1: Consuming secrets from an Azure Kubernetes Service (AKS) container – Linux

Why do we need TLS 1.3?

A Brief History of TLS TLS (Transport Layer Security) is a protocol that provides secure communication at the application layer of the OSI Network Model. It essentially provides three main functions – confidentiality, repudiation and data integrity between two parties communicating over the internet. It has two parts – (a) the record protocol which provides… Continue reading Why do we need TLS 1.3?

Understanding Distributed Denial of Service (DDoS)

What is DoS? DoS stands for Denial of Service, which is a means of attack on a specific website or service, where an adversary sends a huge number of requests from a machine, thus by overloading the server. An overloaded server is too busy serving the adversary requests and dropping legitimate request from actual customers.… Continue reading Understanding Distributed Denial of Service (DDoS)

Some thoughts on the Security of Cookies

Websites use cookies to manage user login sessions and sometimes tracking users' behaviors. So, essentially a cookie is a set of key-value pair data, that is downloaded and stored in the client machines. Each cookie is created by a "website", and the web browsers send the cookie as an HTTP header when the client accesses… Continue reading Some thoughts on the Security of Cookies

Service-to-Service Authentication on the Cloud

Overview Service-to-Service authentication over the cloud is probably one of most common authentication scenarios that are required. A service calling another service could be within the same domain boundary, e.g. a micro service calling another micro service or could be across the domain if the service is calling another service outside its own boundary. Essentially,… Continue reading Service-to-Service Authentication on the Cloud

Managing Secrets for your Service in the Cloud

Application in the cloud ranges from a simple single page application to complex applications running complex logics across multiple boundaries and geographic regions. Irrespective of what kind they are, they must deal with secrets. Managing secrets is usually hard, especially when the application needs to be compliant, and the application has a big user base,… Continue reading Managing Secrets for your Service in the Cloud

Asymmetric Encryption in your .Net Application

For almost all applications in the cloud, there are times when the developer needs to write some code to perform encryption. Most of the scenarios can be fulfilled with a symmetric key encryption, but the key management becomes harder when the encryption and the decryption are across multiple security boundaries. The best options in such a… Continue reading Asymmetric Encryption in your .Net Application

OAuth 2.0 and OpenId With Azure Azure Active Directory (AAD)

Overview of OAuth 2.0 The OAuth 2.0 protocol is an open standard for delegated authorization scenarios. The term delegation in here means the user lets an application access its data in it its behalf. The OAuth 2.0 protocol is widely accepted to provide capabilities to Web API to make authorization decisions, without requiring for the… Continue reading OAuth 2.0 and OpenId With Azure Azure Active Directory (AAD)