Posts

LinkedIn Recommendations for Jegan Sri Mohan Ram | Cybersecurity Expert

Image
Welcome to my LinkedIn recommendations page. Here you'll find professional recommendations from colleagues, managers, clients, directors, executive directors, CTOs, CSOs, and other senior technology leaders that reflect my experience in cybersecurity, web application security, WAF engineering, SIEM, DevSecOps, AI-assisted security, and technical leadership. If you're interested in collaborating on cybersecurity projects, consulting, or training, feel free to contact me at +91-9790239061 Jegan LinkedIn Recommendations

Advanced OpenResty Reverse Proxy Configuration with GeoIP, ModSecurity, and Lua Load Balancing

Copy Code Example OpenResty Reverse Proxy Features This is an OpenResty (Nginx with Lua scripting capabilities) configuration for a reverse proxy that performs several advanced functions, including: HTTP to HTTPS redirection. SSL/TLS termination. Web Application Firewall (WAF) using ModSecurity. GeoIP-based routing: Directing users to different backend server pools based on their country. Custom Lua-based load balancing: Health checks for backend servers. Least connections algorithm (weighted) to select a backend. Custom logging including GeoIP data and selected backend. Let's break down each file and its components: nginx.conf (Main OpenResty Configuration) This file sets up the global Nginx/OpenResty environment. Copy Code worker_processes 1; worker_processes 1;: Configures Nginx to use a single worker process. For production, this is usually set to auto or the...

JWT Structure

  JWT Structure The token is composed of three parts, separated by dots: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6Im9wZW5zb3VyY2VqZWdhbkBnbWFpbC5jb20iLCJyb2xlcyI6WyJ1c2VyIl0sImV4cCI6MTczMzU3MzA2MX0.nxBknSlySJ0JQIFg5BpmnZhZV6VZ0Mshu7opFFgPLSc 1. First Part (Header): eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9 When decoded (base64), it reveals: { "typ" : "JWT" , "alg" : "HS256" } JSON Copy typ : Type of token (JSON Web Token) alg : Algorithm used (HMAC SHA256) 2. Second Part (Payload): eyJ1c2VybmFtZSI6Im9wZW5zb3VyY2VqZWdhbkBnbWFpbC5jb20iLCJyb2xlcyI6WyJ1c2VyIl0sImV4cCI6MTczMzU3MzA2MX0 When decoded, it reveals: { "username" : "opensourcejegan@gmail.com" , "roles" : [ "user" ] , "exp" : 1733573061 } JSON Copy username : User's email roles : User's roles (in this case, "user") exp : Expiration timestamp (Unix timestamp) 3. Third Part (Signature): nxBknSlySJ...

Jegan's SSO Auth System Code Explanation

  https://docs.google.com/document/d/1tVIsBVRwF9cESAvhBLbqwJftuJtXcx8t-fO4KmB1QaQ/edit?usp=sharing API Routes /api/signup : Handles user signup. Validates email and password, checks if the email is allowed, hashes the password, stores user data in the database, and sends a welcome email. /api/enroll : Handles TOTP enrollment. Generates a TOTP secret, stores it, and returns a QR code for 2FA setup. /api/login : Handles user login. Validates credentials, checks account lock status, generates tokens, and sets them as cookies. /api/validate : Validates the access token and returns user information if valid. /api/token/refresh : Refreshes the access token using a valid refresh token. /api/update_role : Updates the role of a user. /api/logout : Logs out the user by revoking tokens and clearing cookies. /api/request_reset : Initiates a password reset by generating a reset token and sending it via email. /api/reset_password/ : Resets the user's password using a valid reset token.

Mermaid diagram syntax for Token-based authentication system

 sequenceDiagram     participant User     participant Browser     participant AuthServer     participant Database     % Login Flow     User->>Browser: Enter Credentials     Browser->>AuthServer: POST /api/login     AuthServer->>Database: Validate Credentials     alt Credentials Valid         Database-->>AuthServer: User Found         AuthServer->>AuthServer: Generate Access Token         AuthServer->>AuthServer: Generate Refresh Token         AuthServer->>Database: Store Refresh Token         AuthServer-->>Browser: Return Tokens         Browser->>Browser: Store Tokens in HTTP-only Cookies         Browser-->>User: Login Successful     else Credentials Invalid         D...

Enhancing Flask SSO with Role-Based Access Control (RBAC)

Enhancing Flask SSO with Role-Based Access Control (RBAC) Enhancing Flask SSO with Role-Based Access Control (RBAC) To enhance your Single Sign-On (SSO) application with Role-Based Access Control (RBAC), you need to implement a mechanism to assign roles to users and control access to different routes or resources based on those roles. Here's how you can do it step by step: 1. Extend the Database Schema You'll need to add a role column to the users table so that each user can be assigned a role, such as "admin," "user," or any other custom role. def init_db(): try: with sqlite3.connect('sso_service.db') as conn: c = conn.cursor() c.execute('''CREATE TABLE IF NOT EXISTS tokens (token TEXT PRIMARY KEY, username TEXT, token_type TEXT, expiration DATETIME)''') c.execute('''CREATE TABLE IF NOT EXISTS totp_secrets (username TEXT ...

Concept of WSL (Windows Subsystem for Linux) in Windows 2022 Server

Image