Cyber Security
Zero Trust, penetration testing, DevSecOps, supply chain security, and keeping systems safe in practice.
Zero Trust Architecture: A Practical Enterprise Guide
The old idea of a safe internal network no longer works. This guide walks through how to set up identity-based access, continuous verification, and proper network segmentation across a mixed enterprise setup.
Software Supply Chain Attacks and How to Protect Your Build Pipeline
The SolarWinds and XZ Utils incidents showed that attackers do not always go through the front door. They compromise the tools and libraries you trust. This post covers SBOM generation, Sigstore, and practical steps for locking down dependencies.
How to Run a VAPT Against Your APIs
Vulnerability assessments on APIs are different from testing a web UI. This post walks through running structured tests against REST and GraphQL APIs using OWASP ZAP, Burp Suite, and Postman, and what to do with the findings.