
How Passwordless Works

- Alan Parra

tl;dr: This post explains how passwordless can be implemented using modern technologies such as WebAuthn, while at the same time providing a better user experience and security than the traditional password-based approach.

featured in #409


Cloud-Native Privileged Access Management

tl;dr: DevOps practices have revolutionized how apps and infrastructure are managed, but access hasn't kept up. Shared secrets like passwords and keys – the #1 source of data breaches – are the norm. Teleport replaces shared secrets like passwords, keys, tokens, and even browser cookies with true identity, removing risk while letting engineers go fast.

featured in #400


Database Cryptography Fur The Rest Of Us

tl;dr: The author defines database cryptography, how it manifests for both relational and NoSQL databases, searchable encryption, and provides a case study of MongoDB’s Client-Side encryption.

featured in #394


Password Strength Explained

- Wladimir Palant

tl;dr: From security expert Wladimir Palant: "There is lots of confusion about what constitutes a strong password however. How strong is my current password? Also, how strong is strong enough? These questions don’t have easy answers. I’ll try my best to explain however."

featured in #388


What's Identity-Native Infrastructure Access?

tl;dr: Unlock all Teleport Connect sessions to learn about infrastructure access from DoorDash, Dropbox, Discord, Vonage, and others when you RSVP for the Feb 9th event.

featured in #386


Why Your Team Should Be Using Just-in-Time Access

- Adam Buggia

tl;dr: Least privilege in the cloud is hard, but progress can be made by taking a risk-based approach. Consider an attacker who obtained one of your developer’s credentials; what access would they have? By adding a temporal dimension to developer access policies, the attack surface can be significantly reduced for many security-breach scenarios. That’s where just-in-time access comes in.

featured in #382


How To Completely Own An Airline In 3 Easy Steps

- Maia Arson Crimew

tl;dr: "I had trip sheets for every flight, the potential to access every flight plan ever, a whole bunch of image attachments to bookings for reimbursement flights containing yet again more PII, airplane maintenance data, you name it. I had owned them completely in less than a day, with pretty much no skill required besides the patience to sift through hundreds of results."

featured in #382


I Scanned Every Package On PyPi And Found 57 Live AWS Keys

- Tom Forbes

tl;dr: "This post outlines the way I scanned PyPi, showcases a project I’ve built that automatically scans all new PyPi releases to notify AWS of potentially leaked keys, presents some analysis of the keys I’ve found and draws a few conclusions at the end."

featured in #379


Building Secure, Compliant Containers

- Elliot Volkman

tl;dr: Containers are ideal for cloud-first organizations. However, as their use has grown, so have security incidents in container environments. Learn how to build secure containers that support business objectives.

featured in #376


The DevSecOps Maturity Model

tl;dr: A blueprint for assessing and advancing your organization’s DevSecOps practices to detect vulnerabilities and deliver digital services with more confidence.

featured in #367