Tag Archives: Security

Google Services Authentication in App Engine, Part 2

In the first part of the tutorial I described how to use OAuth for access/authentication for Google’s API services. Unfortunately, as I discovered a bit later, the approach I used was OAuth 1.0, which has apparently now been officially deprecated by Google in favor of version 2.0 of OAuth. Obviously, I was a bit bummed to discover this, and promised I ...

Where do Security Requirements come from?

One of the problems in building a secure application is that it’s not always clear what the security requirements are and where they are supposed to come from. Are security requirements supposed to come from the customer? Are they specified in the regulatory and compliance environment? Or are they implicit in the type of application that you are building – ...

Key Exchange Patterns with Web Services Security

When we have message-level security with web services, integrity and confidentiality are achieved through keys. Keys are used to sign and encrypt messages being passed from the requestor to the recipient, or from the client to the service and vice versa. During this blog post, we’ll be discussing different key exchange patterns and their related use ...

Java JAAS form based authentication

Implementing a login module using JAAS is an advanced topic, and most developers rarely have a chance to be involved in this kind of development. But a basic implementation of a JAAS login module is not that hard. That is why I intended to post this. Here, I am explaining how to implement a Tomcat-managed authentication module. ...

Apache Shiro Part 3 – Cryptography

Besides securing web pages and managing access rights, Apache Shiro also performs basic cryptography tasks. The framework is able to: encrypt and decrypt data, hash data, generate random numbers. Shiro does not implement any cryptography algorithms. All calculations are delegated to the Java Cryptography Extension (JCE) API. The main benefit of using Shiro instead of what is already present in Java ...

Apache Shiro Part 2 – Realms, Database and PGP Certificates

This is the second part of a series dedicated to Apache Shiro. We started the previous part with a simple unsecured web application. When we finished, the application had basic authentication and authorization. Users could log in and log out. All web pages and buttons had access rights assigned and enforced. Both authorization and authentication data were stored in a static configuration file. As ...

Apache Shiro Part 1 – Basics

Apache Shiro, originally called JSecurity, is a Java security framework. It was accepted and became an Apache top-level project in 2010. It aims to be powerful and easy to use. The project is in active development, with both user and developer mailing lists active. The most important areas are documented on its web page. However, it has a lot of gaps in ...

Secure Password Storage – Don’ts, dos and a Java example

The importance of storing passwords securely: As software developers, one of our most important responsibilities is the protection of our users’ personal information. Without technical knowledge of our applications, users have no choice but to trust that we’re fulfilling this responsibility. Sadly, when it comes to passwords, the software development community has a spotty track record. While it’s impossible to ...

Building security into a development team

Getting application developers to understand and take responsibility for software security is difficult. Bootstrapping an Appsec program requires that you get the team up to speed quickly on security risks and what problems they need to look for, how to find and fix and prevent these problems, what tools to use, and convince them that they need to take security ...

AppSensor – Intrusion Detection

Imagine that you have created a nice web application and secured it as best you could. Users came and used it, and everything was OK until someone stumbled upon a vulnerability in your application and used it. Of course, you analyzed the logs and found that the bad guy had been looking for the vulnerability for weeks until he found one. Creators of AppSensor intrusion ...
