Home » Tag Archives: Security

Tag Archives: Security

Top 10 Lists for Designing and Writing Secure and Safe Software

software-development-2-logo

If you care about writing secure code, should know all about these Top 10 lists: OWASP Top 10 The OWASP Top 10 is a community-built list of the 10 most common and most dangerous security problems in online (especially web) applications. Injection flaws, broken authentication and session management, XSS and other nasty security bugs. These are problems that you need ...

Read More »

Implementing Client-Side Row-Level Security with jOOQ

jooq-2-logo

Some time ago, we’ve promised to follow up on our Constraints on Views article with a sequel showing how to implement client-side row-level security with jOOQ. What is row-level security? Some databases like Oracle or the upcoming PostgreSQL 9.5 provide native support for row-level security, which is awesome – but not every database has this feature. Row level security essentially ...

Read More »

How to Keep REST API Credentials Secure

software-development-2-logo

If you are building mobile apps then you are connecting to some REST API. For example, if you want to resolve an address to a latitude/longitude information to display on a map, you might use the Google Geocoding API: https://maps.googleapis.com/maps/api/geocode/json?address=San Francisco,CA&key=AIzaSyDvFMYGjeR02RH If you are invoking the API from the client, then the API key also has to be present on ...

Read More »

9 Security mistakes every Java Developer must avoid

java-logo

Checkmarx CxSAST is a powerful Source Code Analysis (SCA) solution designed for identifying, tracking and fixing technical and logical security flaws from the root: the source code. Check it out here! Java has come a long way since it was introduced in mid-1995. Its cross-platform characteristics have made it the benchmark when it comes to client-side web programming. But with ...

Read More »

Can DevOps(Sec) make Software more Secure?

devops-logo

There was a lot of talk at RSA this year about DevOps and security: DevOpsSec or DevSecOps or Rugged DevOps or whatever people want to call it. This included a full-day seminar on DevOps before the conference opened and several talks and workshops throughout the conference which tried to make the case that DevOps isn’t just about delivering software faster, ...

Read More »

Backdoors, Sabotage or Just Plain Stupidity

software-development-2-logo

Someone on your development team, or a contractor or a consultant, or one of your sys admins, or a bad guy who stole one of these people’s credentials, might have put a backdoor, a logic bomb, a Trojan or other “malcode” into your application code. And you don’t know it. How much of a real problem is this? And how ...

Read More »

5 simple rules for securely storing passwords

software-development-2-logo

Far too frequently, systems are hacked and their user databases are compromised. And there are far too many cases where the database contains plain text passwords, poorly hashed passwords, or two-way encrypted passwords, despite the wealth of resources available on how to properly store user credentials. And it’s not just legacy databases; just this week, I saw a reddit thread ...

Read More »

Authentication Mechanisms for Web Applications

software-development-2-logo

Authentication is the basic requirement for most of websites. However, there are many mechanisms to implement authentication and they are not very interchangeable. Depend on business requirement, developers need to choose the most appropriate method of authentication for their application. It may not be an easy task unless one understand the differences among mechanisms well. In this short article, I ...

Read More »

Putting Security into Sprints

agile-logo

To build a secure app, you can’t wait to the end and hope to “test security in”. For teams who follow Agile methods like Scrum, this means you have to find a way to add security into Sprints. Here’s how to do it: Sprint Zero A few basic security steps need to be included upfront in Sprint Zero:     ...

Read More »

“NoSQL Injection” – What 40000 Unsecured MongoDB Databases Mean for our Industry

mongodb-logo

The news is all over reddit… Major security alert as 40,000 MongoDB databases left unsecured on the internet Security is a feature that is often neglected until it’s too late. And when it’s too late, it is often hard to bake it into a well-established architecture without major refactoring efforts. Every system and thus also every database is always vulnerable. ...

Read More »
Do you want to know how to develop your skillset and become a ...

Subscribe to our newsletter to start Rocking right now!

To get you started we give you our best selling eBooks for FREE!
Get ready to Rock!
To download the books, please verify your email address by following the instructions found on the email we just sent you.

THANK YOU!

Close