SACR Report: How Agentic Identity Access Platforms Are Re-architecting IAM in 2026 →
TRY AEMBIT
TALK TO AN ENGINEER
Blog
Blog
Blog
X

Blog

Category: Best Practices

The Ultimate Guide to MCP Security Vulnerabilities

The Ultimate Guide to MCP Security Vulnerabilities

SPIFFE focuses on who a workload is. It issues cryptographic identities to services and workloads so they can prove their authenticity to each other without relying on stored secrets. OAuth focuses on what a workload is allowed to do. It defines how access is delegated and controlled when one service needs to interact with another or call an external API.
Ashur Kanoon
Mar 2026
|
7 min read
SPIFFE vs. OAuth: Access Control for Nonhuman Identities

SPIFFE vs. OAuth: Access Control for Nonhuman Identities

SPIFFE focuses on who a workload is. It issues cryptographic identities to services and workloads so they can prove their authenticity to each other without relying on stored secrets. OAuth focuses on what a workload is allowed to do. It defines how access is delegated and controlled when one service needs to interact with another or call an external API.
Ashur Kanoon
Mar 2026
|
5 min read
MCP Authentication and Authorization Patterns

MCP Authentication and Authorization Patterns

In MCP, every request comes from a nonhuman identity: an agent, server or tool. These identities don’t act under direct human oversight. They generate requests dynamically, chain operations and carry data across trust boundaries.
Ashur Kanoon
Mar 2026
|
6 min read
CI/CD

The CI/CD Supply Chain Security Checklist (That Your Dev Team Will Actually Use)

Eliminate pipeline secrets, secure dependencies, and implement workload identity federation in 3 weeks.
Ashur Kanoon
Dec 2025
|
6 min read
MCP Server Communications

Securing MCP Server Communications: Beyond Authentication

Securing MCP servers requires rethinking the entire communication stack, not just adding TLS and calling it done.
Ashur Kanoon
Nov 2025
|
6 min read
2 legged vs 3 legged OAuth

2-Legged vs 3-Legged OAuth: Which Flow Fits Your Use Case?

Choosing the right flow is only the beginning. The real challenge is implementing either flow without creating persistent credential vulnerabilities that undermine your security.
Ashur Kanoon
Oct 2025
|
6 min read
OAuth vs OIDC

OAuth vs. OIDC: What’s the Difference and When Should You Use Each?

OAuth 2.0 and OIDC solve fundamentally different problems.
Ashur Kanoon
Oct 2025
|
5 min read
MCP Server Access

Auditing MCP Server Access and Usage

The dynamic nature of MCP makes a lack of visibility dangerous, as attackers can exploit complex workflows and ephemeral infrastructure to hide malicious activity.
Ashur Kanoon
Oct 2025
|
6 min read
Secrets Sprawl is Killing DevOps Speed — Here's How to Fix It

Secrets Sprawl is Killing DevOps Speed – Here’s How to Fix It

Secrets sprawl forces developers into constant rework while leaving organizations exposed to the exact security risks they’re trying to prevent.
Dan Kaplan
Oct 2025
|
5 min read
Simplifying IAM Migrations: Lessons for Hybrid Enterprises

Simplifying IAM Migrations: Lessons for Hybrid Enterprises

IAM migrations stall in hybrid enterprises due to massive on-prem Active Directory (AD) deployments, budget and regional constraints, and a lack of alignment among development, DevOps, and security teams.
Ashur Kanoon
Oct 2025
|
6 min read
Load More