Cloud & NFV Consulting
Joscor Consulting offers experience and insight into your organization’s cloud strategy. We are experts in planning and implementing at-scale OpenStack and NFV solutions.
Cloud Automation & Strategy
Modern security requires a modern way of logging in. Unfortunately, administrators and end-users are slow to break out of the horribly insecure practice of using (relatively) simple usernames and passwords to access critical systems. There are many great solutions on the market that address this exact issue and we’ve worked with a lot of them. Your service could have the strongest SSL / TLS, the most reviewed and tested code, but if your authentication scheme is weak, your entire service becomes inherently weak.
We can audit your current authentication system and, after also reviewing the level of data security needed, provide solutions ranging from Two-Factor Authentication products / services to seamless, controllable API authentication methods such as OAuth or SAML.
No one likes being vendor-locked due to incomprehensible code. We’re darn proud of the software and solutions we make and we write all of our code expecting others to be updating and reviewing it later.
We focus on 4 core programming values:
- Cleanliness – Code should be easy to understand and have obvious context at all times.
- Preparedness – Never underestimate users; Code for the worst.
- Exposure – All code is production-ready and continuously reviewed.
- Scalable – Code must be elastic and be able to easily grow with the business.
The starting point of any security consultation is a baseline security audit. This is where we can find out how your service is built, where its weaknesses and strengths are, and how to begin forging a strategy to improve your overall information security.
Identifying potential security issues is one of the most important steps your business can take to minimize risk. If you don’t know where and how you can be attacked, you stand little chance in actually enhancing security in any meaningful way. There are plenty of tools and frameworks that can be used to “increase security” of A-Z but none of them are 100% effective nor cover all attack vectors. It’s of paramount importance to understand how you can be attacked so proper remediation can be implemented and provide real protection.
Recently, I needed to build a project for OpenStack that required that I not know the end-user's authentication method. I had used the clouds.yaml (cloud configuration file) approach before, so I thought I'd give it a go and test it out with a few...
If you're using SAML 2.0 Enhanced Client or Proxy (ECP) with OpenStack Keystone, it may not be obvious how to use the mainstream OpenStack client to authenticate. The example RC file below will hopefully shed some light on how to get started....
Robinhood UI project I've published a new Github project that demonstrates how to build applications and services against the unpublished Robinhood Finance API. Unfortunately, Robinhood doesn't make their API information publicly available (you have to request it and...