#authentication#authorization#identity#security
The Risks of User Impersonation
What is user impersonation? User impersonation is anything that allows your systems to...
Warren Parad20 min read
Organization profile
Authress Engineering Blog
Delivering plug-in security API for any software application. Authress is the Lock in the identity lock and key model. Security doesn't end with Authentication.
Articles by @authress
Browse the latest writing surfaced through DevArt.
Warren Parad20 min read
#googlecloud#security#startup#oauth
Are millions of accounts vulnerable due to Google's OAuth Flaw?
This article is a rebuttal to Truffle Security's post on Millions of Accounts Vulnerable due to...
Warren Parad9 min read
#architecture#security#backend#programming
How does machine to machine authentication work?
Machine to machine auth is how you ensure secure communication between individual services, and each...
Warren Parad11 min read
#aws#architecture#microservices#monitoring
AWS Advanced: Serverless Prometheus in Action
(Note, this article continues from Part 1: AWS Metrics: Advanced) We can't use...
Warren Parad12 min read
#aws#architecture#monitoring#microservices
AWS Metrics: Advanced
Normally I'm the last proponent of collecting metrics. The reason is: metrics don't tell you...
Warren Parad10 min read
#devops#api#security#architecture
Denylists and Invaliding user access
This article is part of the Authress Academy and discusses the different ways to invalidate a user's...
Warren Parad11 min read
#programming#architecture#development#backend
Myths about API HTTP clients
Having built many Product APIs in my experience for multiple companies, there are a number of Myths...
Warren Parad6 min read
#rest#microservices#monoliths#api
Breaking up the monolith: Breaking changes
Before we get into how to handle a breaking change, we should first identify what is even a breaking...
Warren Parad11 min read
#logging#aws#cloudwatch#microservices
AWS CloudWatch: How to scale your logging infrastructure
An obvious story you might decide to tell yourself is Logging is easy. And writing to the console or...
Warren Parad8 min read
#microservices#architecture#authentication#authorization
Step-up authorization
Step up authorization is the process of converting a user’s auth from a base level to an elevated or...
Warren Parad6 min read
#architecture#microservices#migration#database
Breaking up the monolith: Zero downtime migrations
It’s pretty common in monolith architectures to have to handle migrations. But this isn’t the only...
Warren Parad4 min read
#security#aws#saas#architecture
Adding Custom Domains to your SaaS
You're building out a SaaS solution and realize for one reason or another supporting custom domains...
Warren Parad7 min read
#authentication#auth#aws#identitymanagement
AWS Cognito: Don’t go to production
AWS Cognito is AWS auth solution, it’s much better than Azure’s and many others that think Auth is...
Warren Parad7 min read
#dns#aws#route53#domains
My DNS doesn't work
Making changes to your DNS and it still doesn't work, here's a troubleshooting guide
Warren Parad4 min read
#cors#http#website
I got a CORS error, now what?
How to solve those nasty CORS errors that pop up all the time
Warren Parad5 min read
#architecture#audit#monolith#software
Breaking up the monolith: Magic identifiers
A common pattern often found in software engineering is magic identifiers. These identifiers are used...
Warren Parad8 min read
#iam#aws#cicd#cybersecurity
When to use AWS Credentials
Never. That’s the end of the story… Okay not really, there is one great use case for using AWS...
Warren Parad5 min read
#ciam#authorization#iam#jwt
JWT access token misconceptions
Identity providers solve the issue of identity verification, but never include solutions for CIAM...
Warren Parad6 min read
#awsiamrole#gitlabci#ststoken#gitlab
AWS + Gitlab — Leveling up security of your CICD platform.
AWS + Gitlab — Leveling up security of your CICD platform. For eons there have only been...
Warren Parad4 min read
#security#microservices#platformarchitecture
Security for deleting resources
The most common lifecycle of a resource flows from Creation , to Updates , to Deletion. When a...
Warren Parad4 min read
#userdata#cyberattack#cybersecurity#databreach
Breach — Enabling emergency data protection
Breach — Enabling emergency data protection US Capitol building (Washington D.C.) The...
Warren Parad6 min read
#apiauthentication#serviceclients#privatekeys#microservices
API Authentication : Creating service client API keys
Applications that provide first class APIs require more than simple authentication, they require...
Warren Parad3 min read
#usermanagement#jwt#authentication#auth
Setup user authentication with any identity provider
Authentication more frequently works as identity aggregation. This means that it provides a central...
Warren Parad3 min read
#architecture#applicationsecurity#microservices#software
How to secure a multitenant application architecture
A Multitenant application Multitenancy is the concept that your application serves...
Warren Parad4 min read
#microservices#authorization#privacy
So you want to build your own authorization?
Perhaps it happened to you. You’re working on a project, developing some fancy software where users...
Warren Parad4 min read
#microservices#security#authorization#architecture
7 Steps to Web Application Security
Every aspect of your technology can be vulnerable to some sort of exploit. Each of these is a...
Warren Parad6 min read