security

26 posts
mongodb

Security best practices for MongoDB

Configure Transport Layer Security (TLS) to encrypt all traffic to and from the database. Use encryption at rest to protect the contents of the database in case someone obtains a copy of the database files (from a backup, for instance) or of the server image.…

api

Ways to hack an API and how to defend

Use base-level encryption so that functionality keeps working as expected while the relationships between data items are obscured, which makes reverse engineering harder. Encrypt all traffic in transit (TLS with certificate validation) so that requests can be neither intercepted nor spoofed.…

security

Top 5 cybersecurity predictions for 2020

Credential stuffing, where attackers take login credentials leaked from one site and replay them against the same users’ accounts on other sites, will continue to be an easy attack.…
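Credential stuffing has a recognisable shape in authentication logs: one source tries many different usernames in a short window, most attempts fail, and the occasional success is the account that was reused. The following added example (not code from the article above) separates that pattern from a single-account brute force over a constructed log. The log format, the regex, the window length and the thresholds are all assumptions made for illustration and should be adapted to your own authentication logs.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format for this example: "<iso timestamp> auth src=<ip> user=<name> result=<success|failure>".
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth src=(?P<ip>[\d.]+) user=(?P<user>\S+) result=(?P<result>success|failure)$"
)

# Constructed sample log: one source spraying many usernames (stuffing),
# one source hammering a single username (brute force), one normal login.
SAMPLE_LOG = """\
2020-01-06T10:00:01 auth src=203.0.113.7 user=alice result=failure
2020-01-06T10:00:02 auth src=203.0.113.7 user=bob result=failure
2020-01-06T10:00:02 auth src=203.0.113.7 user=carol result=success
2020-01-06T10:00:03 auth src=203.0.113.7 user=dave result=failure
2020-01-06T10:00:03 auth src=203.0.113.7 user=erin result=failure
2020-01-06T10:00:04 auth src=203.0.113.7 user=frank result=failure
2020-01-06T10:00:10 auth src=198.51.100.4 user=alice result=failure
2020-01-06T10:00:12 auth src=198.51.100.4 user=alice result=failure
2020-01-06T10:00:15 auth src=198.51.100.4 user=alice result=failure
2020-01-06T10:00:20 auth src=198.51.100.4 user=alice result=failure
2020-01-06T10:00:25 auth src=198.51.100.4 user=alice result=failure
2020-01-06T10:01:00 auth src=192.0.2.9 user=grace result=success
"""

# Assumed thresholds: tune to the real login rate of your service.
WINDOW = timedelta(seconds=60)   # sliding window per source address
MIN_ATTEMPTS = 5                 # attempts inside the window before we judge
MIN_DISTINCT_USERS = 5           # distinct usernames that mark stuffing


def parse(log_text):
    """Turn matching log lines into (timestamp, ip, user, result) tuples."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # real logs carry unrelated lines; ignore them
        events.append((datetime.fromisoformat(m["ts"]), m["ip"], m["user"], m["result"]))
    return events


def classify_sources(log_text):
    """Map each suspicious source IP to (verdict, usernames it logged into).

    A source that tries MIN_DISTINCT_USERS or more different usernames inside
    WINDOW is labelled credential_stuffing; a source that makes MIN_ATTEMPTS
    or more attempts against a single username is labelled brute_force. The
    list of successful usernames is what an incident responder needs first:
    those are the accounts that have been taken over.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, result in sorted(parse(log_text)):
        by_ip[ip].append((ts, user, result))

    verdicts = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most WINDOW.
            while evs[end][0] - evs[start][0] > WINDOW:
                start += 1
            window = evs[start:end + 1]
            if len(window) < MIN_ATTEMPTS:
                continue
            users = {u for _, u, _ in window}
            successes = sorted(u for _, u, r in window if r == "success")
            if len(users) >= MIN_DISTINCT_USERS:
                verdicts[ip] = ("credential_stuffing", successes)
                break
            if len(users) == 1:
                verdicts[ip] = ("brute_force", successes)
                break
    return verdicts


if __name__ == "__main__":
    for ip, (verdict, hit_accounts) in classify_sources(SAMPLE_LOG).items():
        print(f"{ip}: {verdict}, compromised accounts: {hit_accounts or 'none'}")
```

The distinction matters for the response: a brute force is stopped by locking or rate-limiting one account, whereas a stuffing campaign spans accounts, so the successful logins it produced need forced re-authentication and the source needs blocking at the edge.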

security

Production secret management at Airbnb

Airbnb built an internal tool, Bagpiper, a collection of tools and framework components that it uses to manage production secrets. It was designed to decouple secret management from other application configuration as Airbnb scaled, and to enforce a least-privilege access pattern…

Issue64

How not to store passwords

A good option for storing passwords is a salted, deliberately slow key derivation function (bcrypt, scrypt, Argon2 or PBKDF2). Each guess costs an attacker far more compute time than a plain hash would, which means cracking a stolen database costs far more money.…
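The following added example (not code from the post above) shows the pattern in working form with PBKDF2-HMAC-SHA256 from the Python standard library: a random salt per password, a self-describing record so the cost can be raised later, constant-time verification, and a rough measurement of how much slower each guess is than a bare SHA-256. The iteration count and the record format are assumptions made for illustration; choose the count from the login latency you can afford.

```python
import base64
import hashlib
import hmac
import os
import time

# Assumed policy for this example: the iteration count is illustrative,
# measure the cost on your own hardware and pick the highest count that
# keeps login latency acceptable.
ITERATIONS = 210_000
ALGO = "pbkdf2_sha256"


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algo$iterations$salt$digest (base64 fields).

    Storing the parameters next to the digest lets the policy be raised later
    without breaking existing records.
    """
    salt = os.urandom(16)  # fresh random salt per password defeats rainbow tables
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    return "$".join([
        ALGO,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, record: str) -> bool:
    """Recompute the KDF with the stored parameters and compare in constant time."""
    algo, iterations, salt_b64, digest_b64 = record.split("$")
    if algo != ALGO:
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations), dklen=32)
    return hmac.compare_digest(candidate, expected)  # no early exit on mismatch


def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True when the record was made with fewer iterations than current policy;
    rehash it at the next successful login."""
    return int(record.split("$")[1]) < iterations


def guesses_per_second(password: str, record: str, samples: int = 3) -> float:
    """Rough cost measurement: verifications per second on this machine."""
    start = time.perf_counter()
    for _ in range(samples):
        verify_password(password, record)
    return samples / (time.perf_counter() - start)


def cost_ratio(password: str = "correct horse battery staple") -> float:
    """How many times slower one KDF guess is than one bare SHA-256 guess.

    This is the attacker's cost multiplier: the same ratio applies to the
    number of guesses they can afford per second.
    """
    record = hash_password(password)
    kdf_rate = guesses_per_second(password, record)
    start = time.perf_counter()
    for _ in range(10_000):
        hashlib.sha256(password.encode("utf-8")).digest()
    sha_rate = 10_000 / (time.perf_counter() - start)
    return sha_rate / kdf_rate


if __name__ == "__main__":
    rec = hash_password("hunter2")
    print(rec)
    print("correct password accepted:", verify_password("hunter2", rec))
    print("wrong password rejected:", not verify_password("hunter3", rec))
    print(f"each guess is about {cost_ratio():,.0f}x slower than bare SHA-256")
```

The cost ratio is the whole point of the technique: a cracking rig that manages billions of SHA-256 guesses per second manages only a few thousand PBKDF2 guesses at this iteration count, and memory-hard functions such as scrypt and Argon2 widen the gap further on GPUs.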

Issue63

Security traps to avoid when migrating from a monolith to microservices

Rolling back to the last known good state after a failure is more complex with microservices, so design and implement reverts carefully to preserve data integrity.…

Issue54

3 steps toward improving container security

Focus on how you build access rules and permissions, and understand from day one the level of granularity they need. Harden the container host with policies that prevent resource abuse.…

Issue54

Secure databases in complex backend systems with these 5 best practices

Keep application and database servers on separate physical machines: a high-performance host for the application tier and a hardened, tightly controlled host for the databases. Encrypt data at rest on the servers with a properly managed key, and encrypt it in transit as well.…

Issue49

Serverless security risks

Event-data injection is hard to identify and block in a serverless architecture, because input arrives from many event sources rather than a single HTTP entry point. Broken authentication is another big risk.…

Issue50

The most common types of ATO attacks

ATO (account takeover) attacks are dangerous because once your system accepts the attacker as a legitimate user, the safeguards built to protect your system no longer apply to them.…