Security
-
Software Development
10 things you can do to make your app secure: #3 Validate Input
This is part #3 of a series of posts on the OWASP Top 10 Proactive Development Controls. Your first line…
-
Software Development
10 things you can do to make your app secure: #2 Encoding Data
This is part #2 of a series on the OWASP Top 10 Proactive Controls, the 10 things you can do…
-
Software Development
SQL Developer’s “Securely” Encrypted Passwords
Recently, while at one of our customers’ sites, the customer and I needed to get access to a database. On…
-
Software Development
10 things you can do to make your app secure: #1 Parameterize Database Queries
OWASP’s Top 10 Risk list for web applications is a widely recognized tool for understanding, describing and assessing major application…
-
Enterprise Java
SSL encrypted EJB calls with JBoss AS 7
Encrypting the communication between client and server provides improved security and privacy protection for your system. This can be an…
-
Software Development
Easter Hack: Even More Critical Bugs in SSL/TLS Implementations
It’s been some time since my last blog post – time for writing is rare. But today, I’m very happy…
-
Software Development
Application Security – Can you Rely on the Honeymoon Effect?
I learned about some interesting research from Dave Mortman at this year’s RSA conference in San Francisco which supports the…
-
Software Development
Verifying Secure Password Storage Externally
Many websites (including big ones like Adobe, Yahoo, LinkedIn, Gawker, etc.) store user passwords insecurely. Either in plain text, or…
-
Software Development
Apache Tomcat and Denial-of-service vulnerability
Websites hosted on Apache Tomcat servers seem to be vulnerable to denial-of-service attacks, as was recently proven by security researchers…