JWT – Token Based Authentication

In my earlier post on Cryptography, we looked at some of the cryptographic techniques and cryptographic functions that are commonly used to secure the data. In this post, we'll discuss JSON Web Token (JWT) which is one of the most commonly used token based authentication. It has become quite popular since it allows the distributed systems to … Continue reading JWT – Token Based Authentication

AWS VPC Network Security

One of my earlier post on AWS Virtual Private Cloud described  the basics of VPC including some of the security features it offers to control which packets move in and out of the VPC. In this article let's look at the VPC network security in further detail. Following diagram shows an example of how the security groups and … Continue reading AWS VPC Network Security

AWS – Identity and Access Management

Identity and Access Management (IAM) is widely used in most of the enterprises to authenticate and authorize the users to grant access to applications and systems that supports various functions within the organization. It is one of the basic components when it comes to enterprise security and defense in-depth principles that organizations adopt to protect … Continue reading AWS – Identity and Access Management

Spring Boot Mutual Authentication (2 Way SSL/TLS)

In one of my earlier articles on cryptographic basics, I discussed about the 3 basic services provided by cryptographic techniques i.e. confidentiality, integrity and authentication. Let's see how we can have confidentiality and authentication implemented in a Spring Boot Application. SSL/TLS establishes an encrypted link between client and server application such that all the communication between the … Continue reading Spring Boot Mutual Authentication (2 Way SSL/TLS)

Cryptography Basics

In the last two decades there has been a significant push towards digitization of services allowing us to do online shopping, banking, media streaming and the list goes on. In order to access these services, customers need to share their personal data and the highly sensitive data like credit cards, SSN, bank accounts details etc. with the service provider. Hence, … Continue reading Cryptography Basics