Tag: Security
-
Security In The Cloud: 7 AWS Best Practices
In this article I describe 7 AWS best practices for ensuring security in the cloud. I explain how to configure VPCs, IAM, and the naming strategy for any service.
-
Advantages and Disadvantages of the JWT
A JSON Web Token (JWT) is widely used for stateless application authentication, but it has limitations. It consists of three parts, including a signature for verification. However, its contents can be decoded, so sensitive information like passwords should not be stored in it. Despite its drawbacks, it offers a condensed JSON object and industry-standard authentication. It’s important to…
-
Workflow of the Forget Password Strategy
In this article I explain the workflow of the password recovery strategy. I explain how to link the new password with the user, and how to generate a secure link that can only be used once.
-
Solve the CORS error with Spring Security
In this article I explain how to configure the frontend allowed by CORS in a Spring Boot application when using Spring Security.
-
How I Solved 20 Vulnerabilities in Less Than An Hour
In this article I describe the steps I followed to solve more than 20 vulnerabilities in a project in less than an hour. I show all the steps, from finding the problem to deploying the solution to the production environment.
-
Authenticate Your Angular Application with JWT
In this article, I create an Angular application protected by JWT. I create a public component, a private component and a login component to show the different usages of each one. I send the JWT in the HTTP headers of the requests to my backend.
-
Protect your Spring Boot application with JWT
The article provides a comprehensive guide on how to protect a Spring Boot application using JWT and Spring Security. It offers a detailed explanation of various aspects, including adding dependencies, encoding passwords, creating login endpoints, JWT HTTP filtering, and configuring Spring Security. It also emphasizes the importance of having protected routes and an HTTP filter…
-
How to connect to a PostgreSQL database through a SSH tunnel
When working with a remote database, it is rarely accessible through the Internet. When accessing a project's database, I usually go through another machine, a bastion host.
-
Which Authentication System to Choose?
Choose the right authentication system without compromising security. This can be a hard topic to handle on every project.
-
A Password Management Tool, Keepass
How many passwords do you manage every day? I only have to remember 1 password to manage my hundreds of accounts. I store them all in a password management tool, such as Keepass, KeepassX or KeepassXC.