Are the "Assume Breach" Paradigm and Zero Trust Network/Architecture our last hope for stopping and/or reducing zero-day exploits?

I watched the Hafnium and SolarWinds attacks with a profound sense of helplessness, dismay and despair. Are the "Assume Breach" Paradigm and Zero Trust Network/Architecture our only last hope for stopping and/or reducing zero-day e…

A new programming paradigm (e.g., Rust) to reduce or end all zero-day vulnerabilities/exploits? [closed]

In view of the Hafnium and SolarWinds hacks, where multiple zero-day vulnerabilities were used to ultimately stage the hack and data exfiltration, would the use of memory-safe programming languages such as Rust to build software help to red…

Assuming secure code practices are adhered to, is a thousand-tier/n-tier microservices application or a monolithic application more secure? [closed]

Assuming secure code practices are all adhered to for both applications, is a thousand-tier/n-tier microservices application or a monolithic application more secure?
From a monitoring and visibility standpoint, etc., I am trying to understand …

Would confidential computing/hardware-based TEE be the missing security jigsaw puzzle to counter data exfiltration?

Is confidential computing/hardware-based trusted execution environment (TEE) the missing security jigsaw puzzle to counter data exfiltration?
Today, we already have data encrypted at rest and data encrypted in transit (TLS) widely adopted…

A single microservice (e.g., a spring boot jar) can be dependent on more than 100 libraries – how to ensure that none of these are compromised?

It took only one DLL, the SolarWinds.Orion.Core.BusinessLayer.dll, to bring so many companies to their knees. To be more precise, just a couple of lines of code in that single DLL.
In today’s cloud-native application development, a single micros…
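One concrete, build-time answer to "how do I know none of these 100 libraries changed under me" is to pin every dependency artifact to a cryptographic hash and fail the build on any mismatch, unpinned, or missing artifact. The script below is an added example written for this page, not code from the original question or from any build tool; the artifact names and bytes are constructed stand-ins for real jar files, and the lockfile format (one `name  sha256` line per artifact) is an assumption chosen for readability.

```python
import hashlib
import hmac

# Constructed stand-ins for dependency artifacts (name -> bytes). In a real build
# these would be the jar files the resolver downloaded; the names are invented.
KNOWN_GOOD = {
    "acme-http-client-1.4.2.jar": b"PK\x03\x04acme-http-client-1.4.2 release bytes",
    "acme-json-3.0.1.jar": b"PK\x03\x04acme-json-3.0.1 release bytes",
    "acme-metrics-0.9.7.jar": b"PK\x03\x04acme-metrics-0.9.7 release bytes",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def lock_artifacts(artifacts: dict) -> str:
    """Produce the lockfile: one 'name  sha256' line per artifact, sorted so diffs are
    stable. Run this once when the dependency set has been reviewed and commit the result."""
    lines = [f"{name}  {sha256_hex(data)}" for name, data in sorted(artifacts.items())]
    return "\n".join(lines) + "\n"


def parse_lockfile(text: str) -> dict:
    """Parse the lockfile strictly: malformed or duplicate lines are errors, never ignored."""
    pins = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 2 or len(parts[1]) != 64:
            raise ValueError(f"malformed lockfile line {lineno}: {line!r}")
        name, digest = parts
        if name in pins:
            raise ValueError(f"duplicate pin for {name} on line {lineno}")
        pins[name] = digest.lower()
    return pins


def verify_artifacts(artifacts: dict, pins: dict) -> dict:
    """Compare what the build actually fetched against the pins.
    Returns name -> one of 'ok', 'mismatch', 'unpinned', 'missing'."""
    report = {}
    for name, data in artifacts.items():
        expected = pins.get(name)
        if expected is None:
            report[name] = "unpinned"   # a new artifact crept into the graph unreviewed
            continue
        actual = sha256_hex(data)
        # constant-time compare; the digests are public, but this is the habit to keep
        report[name] = "ok" if hmac.compare_digest(actual, expected) else "mismatch"
    for name in pins:
        if name not in artifacts:
            report[name] = "missing"    # pinned but not fetched: resolution drifted
    return report


def build_is_trusted(report: dict) -> bool:
    """The build passes only if every fetched artifact is pinned and every pin is satisfied."""
    return bool(report) and all(status == "ok" for status in report.values())


# Lockfile written at review time, then a simulated later build in which one artifact's
# bytes were silently replaced, one new transitive dependency appeared, and one pinned
# artifact was not fetched at all.
LOCKFILE = lock_artifacts(KNOWN_GOOD)
FETCHED_LATER = {
    "acme-http-client-1.4.2.jar": KNOWN_GOOD["acme-http-client-1.4.2.jar"],
    "acme-json-3.0.1.jar": b"PK\x03\x04acme-json-3.0.1 release bytes + implant",
    "acme-logging-2.2.0.jar": b"PK\x03\x04acme-logging-2.2.0 bytes",
}

if __name__ == "__main__":
    report = verify_artifacts(FETCHED_LATER, parse_lockfile(LOCKFILE))
    for name, status in sorted(report.items()):
        print(f"{status:9s} {name}")
    raise SystemExit(0 if build_is_trusted(report) else 1)
```

Gradle ships the same idea as built-in dependency verification (checksums and signatures recorded in `verification-metadata.xml`), and the script above is only a portable illustration of that mechanism. The caveat that matters for the question asked: hash pinning detects substitution of an artifact after you reviewed it, but it does nothing against a release that was malicious when it was published and signed by the vendor's own pipeline, which is exactly what happened with the SolarWinds Orion DLL. Pinning buys reproducibility and tamper detection; it is not a substitute for reviewing what you pin.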

Are polyglot microservices (multiple technologies) more secure than using a single technology framework?

As a full-stack cloud-native (AWS, Azure, and GCP) polyglot (Rust, Golang, Python, and Java) microservices developer, the nagging question that I have is whether the use of multiple technology frameworks vs a single language (e.g., Java) has inc…

In view of the SolarWinds supply chain attack, what is the one thing an organization can do to ensure such kinds of attacks don’t come through? [closed]

In view of the SolarWinds supply chain attack, what is the value of having so many different cybersecurity tools (container security, firewall, defense in depth) and yet not being able to defend against such kinds of attack?
What is the one …