On Making Spring Security OAuth RFC-compliant
On Fixing Spring Security OAuth: I fixed a small HTTP header extractor for the Spring Security OAuth open source project recently. Here's what happened & what I learned...
Weak Crypto, Github SAML Attack & Twitter Security UX
Want to use JWT for password-reset or email activation? Turn app state into HMAC-keys to guarantee one-time use of JWTs! This is how it works …
Single-Use JWT: Unlocking the Power of Stateless One Time Token
I delve into the transformative potential of JWTs as one-time tokens, exploring their advantages, implementation considerations, and real-world use cases.
AWS DynamoDB: Backup & Recovery Strategy
In this article, I outline a DynamoDB backup and recovery strategy based on Datapipelines, S3 & AWS Lambdas.
Abusing JSON: Why AWS CloudFormation sucks?!
Infrastructure as code is great but AWS Cloudformation is not! Learn why JSON-based Cloudformation is bad and what alternatives exist …