authorization Archives

White Paper: Security Best Practices in Application Development

Keyhole Software July 19, 2022 Articles, Consulting, Keyhole Creations, Security Leave a Comment

This white paper provides key takeaways for application stewards and software leaders to improve application security, with examples of common application security liabilities and suggestions for remediation. Topics include:

An in-depth look into Security Culture and the importance of the people element in adopting a security-first outlook.
An explanation of common application practices we frequently see in the wild that can be inherently risky, with suggestions for best practices.
A security checklist to determine critical areas of higher risk to prioritize in your journey to a more secure application.
An explanation of the security Surface Area and how to minimize it starting from your source code.
Strategies to protect Authentication and Authorization and a comparison between Third-Party solutions and rolling your own auth.
A deep dive into built-in Application Security and an exploration of strategies that might help your business, including Network-Level Security, WAF, Payload Encryption, SSL, Cloud Configuration, and SIEM…

Design Pattern: Microservice Authentication + Authorization

David Pitt April 11, 2019 Articles, Development Technologies & Tools, Microservices, Security 3 Comments

I’ve been in the software development business for a long time and I can’t tell you how many login screens with authentication logic I have implemented. You might say that one of the most prevalent user stories is the need to log in and securely authenticate a user’s access to an application.

Here at Keyhole Software, we have implemented countless login and authentication approaches for applications, along with simple to sophisticated authorization schemes enforcing access control of applications. Of course, you can utilize the single sign-on type of technologies such as OAuth or OpenID, which offload the development of a login UI and the logic for authentication/authorization. However, these standards are not always utilized in enterprise environments. Many enterprises will have a single authentication mechanism that exploits a federated operating system network such as LDAP. A login UI still has to be created and authorization rules still have to be applied to each application.

Over the last few years, we have helped organizations transition away from monolithic-based applications to isolated microservice-based architectures. With Microservices, authentication and authorization logic is now spread across many decoupled distributed processes. It was a bit simpler with monolithic architectures as only a single process is authenticated and contains access control rules defined.

In this blog, we discuss a design pattern for authorization and authentication for use in a distributed microservices environment.

JSON Web Tokens With Spring Cloud Microservices

Thomas Kendall June 20, 2016 Articles, Java, JavaScript, Microservices, Security, Tutorial 5 Comments

Attention: The following article was published over 9 years ago, and the information provided may be aged or outdated. Please keep that in mind as you read the post.At Keyhole, we have published several blogs about Microservices. We’ve talked about architectural patterns used in a Microservices environment such as service discovery and circuit breaker. We’ve even posted blogs on platforms …

Company

services

technologies

Dev Blog