security
Git hosting and ed25519-sk
A little feedback on hardening git by requiring your physical security key (YubiKey & co) using ed25519-sk.
Hashicorp Vault: Migration from Cloud seal to Shamir seal
Why and how to migrate from a Cloud seal to a Shamir seal
Azure App Services Web Apps Configuration - Versioning
Azure App Services Web Apps Configuration, external versioning solution… the KISS way
Azure - Set expiration on all secrets
When enforcing a policy on Key Vault, we need to set an expiration on secrets. This is the quick way to do it.
Fix Azure WAF & AD OpenID Connect
Azure WAF custom rule to allow Active Directory OpenID Connect
NET NEUTRALITY - Bitel: Drop DNS Bypassed
Bitel drops DNS traffic to servers other than its own. This is the way to bypass this attack on net neutrality and security.
Why must you use server-side sessions?
Do you respect your users? Do you want the best security for them? In that case, you must use server-side sessions.
Why Not Using Vault Upstream?
I explain why I don't use Vault from upstream for dev/pre-prod/prod environments. It's about security.
Nginx: TLS without LUCKY13
My public TLS configuration for nginx, which I hardened a little: removing a lot of ciphers and the LUCKY13 vuln. Now you have a true TLS config for your nginx.
How to force CloudFlare WAF: mTLS
We'll see how it's possible to do mutual TLS (mTLS) with nginx and force your users to pass through CloudFlare WAF and reject all direct connections.
No unauthorized access to WordPress Admin
How to prevent your WordPress from being hacked through unauthorized access to your admin panel?