Ultimate Security Professional Blog

Blog of Michael Furman

TLS Communication with Ghostunnel

What will I cover in this post? We will learn how to use ghostunnel to provide TLS communication between a non-TLS client and server. In this post, I plan on: explaining what ghostunnel is; explaining how to configure ghostunnel; explaining advanced security settings. What is ghostunnel? The ghostunnel site explains it very well: Ghostunnel is a simple TLS proxy with mutual authentication support for securing non-TLS backend applications.

Simple way to generate a Subject Alternate Name (SAN) certificate

What will I cover in this post? We will learn how to generate a Subject Alternate Name (SAN) certificate in a simple way. In this post, I plan on: explaining what a SAN certificate is; explaining how to create the SAN certificate using the Java keytool; explaining how to export the certificate's private and public keys using OpenSSL; explaining how to create the Certificate Signing Request (CSR) for the SAN certificate using the Java keytool. What is the SAN certificate?

SameSite cookies - Everything You Need to Know

What will I cover in this post? Google Chrome recently released an update that began enforcing a new cookie policy. The new update affects the SameSite cookie attribute, making it Lax by default. This change will also be enforced by all other major browsers. In this post, I plan on: describing the SameSite cookie attribute and its settings; explaining the new cookie policy and why it is important; providing some best practices. Personally, from a security perspective, I think this is a great policy and that the new changes make the internet a much safer place.

Istio Mutual TLS Demo

What will I cover in the post? You will see how to configure secure service-to-service communication using Istio. Istio Mutual TLS Demo: I will show the Istio Mutual TLS Demo that is explained in the Istio Example. The demo will show the configuration of secure service-to-service communication using Istio. As I described in my previous post, I will use Google Kubernetes Engine (GKE). The Istio installation is very simple: you just need to select “Enable Istio” during the creation of your GKE cluster.

Adding Secure HTTP Headers via Istio Envoy Filter

What will I cover in the post? You will see how to increase the security of your web application using Secure HTTP Headers. Secure HTTP Headers: Secure HTTP Headers let you increase the security of your web application in a very simple way. The recommended Secure HTTP Headers can be found at the OWASP site. Istio Bookinfo Demo application: In my previous post, I described how to install the Istio Bookinfo Demo application.

Istio Grafana Demo

What will I cover in the post? You will see how to visualize Istio metrics via Grafana dashboards. Istio add-ons: Istio add-ons let you use advanced Istio features. Istio Grafana add-on: Grafana is an open source metric analytics & visualization suite. The Grafana add-on allows you to visualize Istio metrics collected by Prometheus via Grafana dashboards. Istio Bookinfo Demo application and Prometheus add-on: In my previous posts, I described how to install the Istio Bookinfo Demo application and the Prometheus add-on.

Istio Prometheus Demo

What will I cover in the post? You will see how to query Istio metrics using the Prometheus add-on. Istio add-ons: Istio add-ons let you use advanced Istio features. Istio Prometheus add-on: We will start with the Prometheus add-on. Prometheus is an open-source systems monitoring and alerting toolkit. The Prometheus add-on allows you to query Istio metrics. Istio Metrics: Istio generates metrics for all service traffic. The partial metrics list is below:

Istio Simple Demo

A couple of personal words … Dear Readers! In the past, I published posts related to application security and Keycloak. I have learned Istio recently and I will be happy to share my knowledge. You will continue to see my Keycloak posts, but you will also enjoy my DevSecOps posts. Stay tuned! What will I cover in the post? You will understand what Istio is, and then you will deploy a simple demo that shows how to use Istio.