Nathan Aw's Projects
Cybersecurity Mesh Resources
Email Cyber Hygiene, Trustworthy Email, and HTTPS reports to the appropriate technical or distribution addresses
Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.
Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge.
Styra DAS and OPA Integration Samples
DataWave is an ingest/query framework that leverages Apache Accumulo to provide fast, secure data access.
Change data capture for a variety of databases. Please log issues at https://issues.redhat.com/browse/DBZ.
Public Key Infrastructures (PKI), or any other centralized identity attestation services and stores, are primed to be disrupted by blockchain/distributed ledger technologies. Decentralized identity is an idea whose time has come. This paper critically and systematically examines how decentralized solutions such as uPort and Sovrin enable decentralized identities, so that one's identity can be controlled and managed by its owner instead of relying on entities such as Facebook, LinkedIn and Google.
The trust infrastructure in the World Wide Web (WWW) or Internet as we know it today is centralized. This includes Public Key Infrastructures (PKI) and the Resource PKI (RPKI), which is the trust infrastructure for Autonomous System Numbers (ASNs) and IP addresses. RPKI, also known as Resource Certification, is a specialized PKI framework designed to secure the Internet's routing infrastructure. Given the importance of RPKI, it is important to closely examine how blockchain/distributed ledger technologies (DLT) could be applied to improve, buttress and shore up the resiliency of today's RPKI. It is imperative that critical internet infrastructure look into decentralization as a way to improve resiliency.
This paper outlines a pioneering, systematic, quantitative approach to the design and architecture of a decentralized single sign on (SSO) based on decentralized identifiers (DIDs)
Securing Alice's, Bob's and Carl's software supply chain using in-toto
A secure JavaScript and TypeScript runtime
Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI, Google CloudBuild. No server required!
Dev-ops or death-ops? In many attempts to digitally transform, organisations follow methodologies to the "T", resulting in digital death marches. This is not sustainable. To achieve sustained digital transformation, organisations must not forget the crucial element -- the human. In this paper, we explore how dev-ops becomes death-ops and how we can avoid this from happening. Remember -- sustained digital transformation is key to beating out competition, not merely delivery cadence. A Pyrrhic victory needs to be avoided at all costs.
A set of guidelines and best practices for an awesome engineering team
devops
Ultimate DevSecOps library
The OWASP DevSecOps Guideline can help us embed security as a part of the development pipeline.
OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors
Create and verify DID verifiable JWTs in JavaScript
Are governance and an "agile, move fast, fail fast" ethos diametrically opposed to each other? Quite the contrary. Though governance may initially seem inimical to such an ethos, I argue that governance can in fact foster such an ethos and achieve digital hyperspeed through defining good guardrails and targets.
Distributed Ledger Technologies (DLTs)/Blockchain Interoperability: an R3 and Quorum Interledger Connector
This paper systematically and rigorously explores the latent potential of distributed ledger technologies (i.e., Blockchain) to reinvent, revolutionize and redefine the capital markets infrastructure.
This paper argues that the adoption of Distributed Ledger Technologies/Blockchain exponentially speeds up the rate of digital diffusion in an organisation, thereby transforming an organisation's core quicker than any other digital technology available.
OCI Distribution Specification
The distributed nature of blockchain / distributed ledger technologies (DLT) lends itself to use in honeypots for cybersecurity efforts. If leveraged properly, DLTs/blockchain have the capability to transform and advance cybersecurity efforts.
The "jq" utility wrapped in a Docker image.
DOM fuzzer