Michal Trojanowski

Aug 13, 2024 | curity.io | Michal Trojanowski

There are many aspects to securing digital services. This can include everything from authenticating users, to arming your software supply chain, protecting against malicious code injection, and more. One critical area is your API authorization. When you look at OWASP’s top 10 API security vulnerabilities, broken authorization is not only listed as number one but also appears a few times (as different flavors of broken authorization, such as BOLA, BOPLA, and BFLA).

Jun 25, 2024 | curity.io | Michal Trojanowski

In March this year, I visited Paris with my Curity colleagues for the European rendition of KubeCon. On this side of the Atlantic, the Linux Foundation hosts the event annually in a different city. We’ve been to one KubeCon before, in 2023 in Amsterdam, and again, we encountered something spectacular — a gathering of well over 10,000 engineers and cloud experts. Overall ExperienceDespite being very large, KubeCon didn’t feel overcrowded and was very well organized.

Oct 10, 2023 | thenewstack.io | Michal Trojanowski |Richard MacManus |Jelani Harper |Loraine Lawson

Decentralized identities are quickly gaining traction, notably outside of the Web3 community. These new technologies will allow the use of digital credentials issued by verified parties, like governments and universities, in a standardized way. The concept introduces the issuer-verifier-holder model, which can be summarized at a high level with this diagram:One of the most important features shown here is that there is no direct link between the verifier and the issuer, only a trust relationship.

Oct 6, 2023 | thenewstack.io | Michal Trojanowski |Jennifer Riggins |Wes Kennedy |Fendy Feng

When developing remotely, do you use a cloud development environment (CDE)? This new class of IDEs includes Gitpod, Github Codespaces and others. ✓Yes, I use a CDE when developing remotely. 0%✓No, I only connect to my own computer or server. 0%✓I do not develop remotely, but I do work on code. 0%✓I don't write code and am not a developer. 0%

Mar 20, 2023 | thenewstack.io | Michal Trojanowski |Alexander Williams |David Eastman |Richard MacManus

JSON web tokens (JWTs) are great — they are easy to work with and stateless, requiring less communication with a centralized authentication server. JWTs are handy when you need to securely pass information between services. As such, they’re often used as ID tokens or access tokens. This is generally considered a secure practice as the tokens are usually signed and encrypted.