Home » Tag Archives: Security (page 4)

Tag Archives: Security

10 things you can do to as a developer to make your app secure: #10 Design Security In

software-development-2-logo

There’s more to secure design and architecture besides properly implementing Authentication, Access Control and Logging strategies, and choosing (and properly using) a good framework. You need to consider and deal with security threats and risks at many different points in your design. Adam Shostack’s new book on Threat Modeling explores how to do this in detail, with lots of exercises ...

Read More »

10 things you can do as a developer to make your app secure: #9 Start with Requirements

owasp-logo

To build a secure system, you should start thinking about security from the beginning. Legal and Compliance Constraints First, make sure that everyone on the team understands the legal and compliance requirements and constraints for the system. Regulations will drive many of the security controls in your system, including authentication, access control, data confidentiality and integrity (and encryption), and auditing, ...

Read More »

10 things you can do as a developer to make your app secure: #6 Protect Data and Privacy

software-development-2-logo

This is part 6 of a series of posts on the OWASP Top 10 Proactive Development Controls. Regulations – and good business practices – demand that you protect private and confidential customer and employee information such as PII and financial data, as well as critical information about the system itself: system configuration data and especially secrets. Exposing sensitive information is ...

Read More »

10 things you can do to make your app secure: #4 Access Control

software-development-2-logo

This is #4 in a series on the OWASP Top 10 Proactive Controls: 10 things that developers can do to make sure that their app is secure. Access Control aka Authorization, deciding who needs what access to which data and to which features, and how these rules will be enforced, needs to be carefully thought through up front in design. ...

Read More »

10 things you can do to make your app secure: #3 Validate Input

software-development-2-logo

This is part #3 of a series of posts on the OWASP Top 10 Proactive Development Controls. Your first line of defence against attacks should always be to check all data from untrusted sources. Input validation is fundamental to application security, and a basic part of good defensive programming. This is simple, and obvious – and often done wrong.   ...

Read More »

10 things you can do to make your app secure: #2 Encoding Data

software-development-2-logo

This is part #2 of a series on the OWASP Top 10 Proactive Controls, the 10 things you can do as a developer to make your application secure. In the previous post, I explained why Parameterized Database Queries are so important in protecting applications from SQL injection, one of the most common and dangerous attacks. SQL injection is only one ...

Read More »

SQL Developer’s “Securely” Encrypted Passwords

software-development-2-logo

Recently, while at one of our customers’ site, the customer and I needed to get access to a database. On my machine, I had stored the password, but the customer obviously didn’t want to rely on my machine, and the password itself is hashed, so we couldn’t guess it. But guess what? Yes we can! I googled a bit, and ...

Read More »
Want to take your Java Skills to the next level?
Grab our programming books for FREE!
  • Save time by leveraging our field-tested solutions to common problems.
  • The books cover a wide range of topics, from JPA and JUnit, to JMeter and Android.
  • Each book comes as a standalone guide (with source code provided), so that you use it as reference.
Last Step ...

Where should we send the free eBooks?

Good Work!
To download the books, please verify your email address by following the instructions found on the email we just sent you.