Posted inSecurity
Stopping Brute-force: Deploying Authelia as SSO and 2FA for Web Systems
Secure your self-hosted web systems with Authelia. A detailed guide on setting up Single Sign-On (SSO) and 2FA to effectively stop brute-force attacks.
Posted inSecurity
REST API Security: Don’t Let Your System Crash Due to Basic Mistakes
Don't let your API be a gateway for hackers. Learn how to properly implement JWT, RBAC, and Data Validation to protect your entire system.
Posted inSecurity
Mastering SELinux Custom Policies: Don’t Disable Security Just Because of ‘Permission Denied’
Don't disable SELinux just because of a Permission Denied error. Learn how to create Custom Policies to protect Linux servers using the Principle of Least Privilege.
Posted inSecurity
Nginx Limit Request: A Shield Against ‘Guerrilla’ DDoS and Effective Traffic Throttling
Nginx Limit Request is an effective weapon against Layer 7 DDoS and spam bots. This guide covers detailed configurations for burst and nodelay, plus real-world traffic management tips.
Posted inSecurity
Runtime Security for Kubernetes with Falco: Real-time Anomaly Detection
Runtime security is key to protecting Kubernetes from threats hidden deep within containers. Falco, a powerful anomaly detection tool, helps you monitor and alert in real-time. This article guides you through installation, custom rule configuration, and practical tips to make Falco a robust shield for your cluster.
Posted inSecurity
How to Install and Use OpenVAS (Greenbone) for Linux Server Vulnerability Scanning
Protecting Linux servers from attacks requires regular vulnerability scanning. This article will guide you step-by-step through installing and using OpenVAS (Greenbone Vulnerability Management), a powerful tool, to proactively detect and remediate weaknesses in your system.
Posted inSecurity
Securing Microservices Communication with mTLS and SPIFFE/SPIRE: Real-World Tips
Securing communication between microservices is a significant challenge. This article guides you through implementing Mutual TLS (mTLS) and using SPIFFE/SPIRE for service identity management. From quick setup to practical tips, I share personal experience to help you build secure microservices systems following a Zero Trust model.
Posted inSecurity
OWASP ZAP Guide: Web Application Vulnerability Scanning from Basics to CI/CD Automation
This article shares practical experience with OWASP ZAP. It guides you through web application vulnerability scanning, from basic installation and configuration to automated CI/CD integration. The goal is to help you effectively protect your applications, detect security risks early, and maintain a secure system.
Posted inSecurity
Kubernetes Security: Essential Steps to Protect Your Cluster
A Kubernetes cluster has numerous security vulnerabilities out of the box if it isn't properly hardened. This article breaks down the most common causes and walks through setting up RBAC, Pod Security, Network Policy, secret management, and runtime monitoring to effectively protect your production cluster.
Posted inSecurity
System File Integrity Monitoring with AIDE on Linux: Early Intrusion Detection and Data Tampering Prevention
Ensuring Linux server security is a top priority, and File Integrity Monitoring (FIM) with AIDE is an effective solution. This article shares practical experience deploying AIDE for early intrusion detection and prevention of system data tampering.