Home » Author Archives: Remon Sinnema (page 4)

Author Archives: Remon Sinnema

Sandboxing Java Code

java-logo

In a previous post, we looked at securing mobile Java code. One of the options for doing so is to run the code in a cage or sandbox. This post explores how to set up such a sandbox for Java applications. Security Manager The security facility in Java that supports sandboxing is the java.lang.SecurityManager. By default, Java runs without a ...

Read More »

Signing Java Code

java-logo

In a previous post, we discussed how to secure mobile code. One of the measures mentioned was signing code. This post explores how that works for Java programs. Digital Signatures The basis for digital signatures is cryptography, specifically, public key cryptography. We use a set of cryptographic keys: a private and a public key. The private key is used to ...

Read More »

Building Both Security and Quality In

agile-logo

One of the important things in a Security Development Lifecycle (SDL) is to feed back information about vulnerabilities to developers. This post relates that practice to the Agile practice of No Bugs. The Security Incident Response Even though we work hard to ship our software without security vulnerabilities, we never succeed 100%. When an incident is reported (hopefully responsibly), we ...

Read More »

On Measuring Code Coverage

software-development-2-logo

In a previous post, I explained how to visualize what part of your code is covered by your tests. This post explores two questions that are perhaps more important: why and what code coverage to measure. Why We Measure Code Coverage What does it mean for a statement to be covered by tests? Well, it means that the statement was ...

Read More »

Behavior-Driven Development (BDD) with JBehave, Gradle, and Jenkins

jenkins-logo

Behavior-Driven Development (BDD) is a collaborative process where the Product Owner, developers, and testers cooperate to deliver software that brings value to the business. BDD is the logical next step up from Test-Driven Development (TDD). Behavior-Driven Development In essence, BDD is a way to deliver requirements. But not just any requirements, executable ones! With BDD, you write scenarios in a ...

Read More »

Eclipse with EclEmma: Visualizing Code Coverage

eclipse-logo

Last time, we saw how Behavior-Driven Development (BDD) allows us to work towards a concrete goal in a very focused way. In this post, we’ll look at how the big BDD and the smaller TDD feedback loops eliminate waste and how you can visualize that waste using code coverage tools like EclEmma to see whether you execute your process well. ...

Read More »

A Classification of Tests

software-development-2-logo

There are many ways of testing software. This post uses the five Ws to classify the different types of tests and shows how to use this classification. Programmer vs Customer (Who) Tests exist to give confidence that the software works as expected. But whose expectations are we talking about? Developers have different types of expectations about their code than users ...

Read More »

Outbound Passwords

software-development-2-logo

Much has been written on how to securely store passwords. This sort of advice deals with the common situation where your users present their passwords to your application in order to gain access. But what if the roles are reversed, and your application is the one that needs to present a password to another application? For instance, your web application ...

Read More »

XACML In The Cloud

software-development-2-logo

The eXtensible Access Control Markup Language (XACML) is the de facto standard for authorization. The specification defines an architecture (see image on the right) that relates the different components that make up an XACML-based system. This post explores a variation on the standard architecture that is better suitable for use in the cloud. Authorization in the Cloud In cloud computing, ...

Read More »

Security Requirements With Abuse Cases

software-development-2-logo

Gary McGraw describes several best practices for building secure software. One is the use of so-called abuse cases. Since his chapter on abuse cases left me hungry for more information, this post examines additional literature on the subject and how to fit abuse cases into a Security Development Lifecycle (SDL). Modeling Functional Requirements With Use Cases Abuse cases are an ...

Read More »
Want to take your Java Skills to the next level?
Grab our programming books for FREE!
  • Save time by leveraging our field-tested solutions to common problems.
  • The books cover a wide range of topics, from JPA and JUnit, to JMeter and Android.
  • Each book comes as a standalone guide (with source code provided), so that you use it as reference.
Last Step ...

Where should we send the free eBooks?

Good Work!
To download the books, please verify your email address by following the instructions found on the email we just sent you.