Categories
IAM Security Server Vault

Practical Application: Implementing SSH security with TLS certificates

In any large organisation, managing access to servers and cloud resources is difficult. There is often a tradeoff between convenience and security. Changing these settings is also a bit scary in production, as you can be locked out of your servers… One solution mentioned by Facebook engineering and smallstep is to make […]

Categories
django django OAuth python Security

Using django-oauth-toolkit for the Client Credentials OAuth Flow

I’ve been wanting to secure my API – so unidentified and unauthorized parties cannot view, update, create or delete data. This API is internal to the company and will only be used by other services – in other words, no end users. Hence the delegation of authorization need not happen and the services will be […]

Categories
DevOps GNU/Linux Kong Security Server

Generate a Let's Encrypt SSL certificate for the Kong API gateway

So you have installed Kong and you are ready for it to go into production. Whoops, no SSL certificate yet? It is important that you add one, as credentials will be moving between your gateway and the client, and could be acquired by any party in between the client and your server. But the standalone nginx plugin for […]

Categories
GNU/Linux Security Server ubuntu

Fail2Ban Custom Filters and Testing Regexes against Existing Logs

Fail2ban is a tool that can automatically ban malicious bots trying to get into your server. Provided you set up filters and the IP address is logged, you can use fail2ban with any application. fail2ban is built with Python 2.7. Create a filter using a regular expression in /etc/fail2ban/filter.d/my-custom-filter.conf: [Definition] failregex = ^www.example.com -.* “POST \/user\/register […]

Categories
Magento Security

How to Investigate Vulnerabilities of a Magento Website (Greyhat Hacking)

It is simple to find vulnerabilities and extract information from a Magento instance / site. The developers are usually caught up in feature development instead of maintaining and securing the server. Many times the developers take on the role of system administrators, and problems are only picked up after it is too late. Finding a […]