Recently during an interview, I was asked a question about how much I know about security. At first, I paused for a few seconds because honestly, I didn’t know how to answer the question. Eventually, I answered as a developer I am making sure I am doing this, doing that, and following these best practices! After my interview, I was telling myself that I should know about the security best practices for developers and engineers....
TL;DR OAuth 2.0 OAuth 2.0 is used for authorization. Terminology: Roles: Client: the application that wants to access the data. Confidential Clients: the clients with the ability to maintain the confidentiality of the client_secret. Public Clients: the clients that cannot maintain the confidentiality of the client_secret. Resource Owner: the user who owns the data. Resource Server: the system that authorizes access to the data. Authorization Server: the system which has the data that the client wants to access....
TL;DR A study shows there is a cybersecurity attack every 39 seconds. In a typical SSH protocol: the server trusts the client if the client’s public key is listed as authorized, and the client trusts the server’s public key on first use (TOFU). The trust on first use (TOFU) approach delegates the trust to the clients and leave them vulnerable to man-in-the-middle attacks. One solution to fix this is using SSH certificates and SSH certificate authorities (CA)....
TL;DR A container is a package format and a content addressable bundle of content addressable layers! namespaces and cgroups are two key features of Linux kernel enabling containerization. Containers running on a host share a single Linux kernel! (a singler scheduler, a single memory manager, and so on) The Linux kernel has so many known and unknown bugs! Sandboxes are a way of getting an extra layer of isolation for containers....