Home » Tag Archives: Security (page 5)

Tag Archives: Security

Cryptography & Theory 2: What is Pseudorandom

software-development-2-logo

As was concluded in the first part of this series, security without randomness is impossible. Deterministic ciphers are unable to protect against strong attackers and true random generators are impractical or hard to get, so cryptography is build on pseudorandom generators. First two chapters of this post define what they are and explain what kind of pseudorandom generators secure cryptography ...

Read More »

AES-256 Encryption with Java and JCEKS

java-logo

Overview Security has become a great topic of discussion in the last few years due to the recent releasing of documents from Edward Snowden and the explosion of hacking against online commerce stores like JC Penny, Sony and Target. While this post will not give you all of the tools to help prevent the use of illegally sourced data, this ...

Read More »

Detecting and Fixing XSS using OWASP tools

software-development-2-logo

Much have been written about XSS vulnerabilities scanning. In this article we will try to go a little further and show how to fix them. To illustrate the whole process, going from initial detection to providing a fix, we will use a very simple app consisting of two JSP pages: one is a payment form for credit card transactions and ...

Read More »

How much can Testers help in Appsec?

software-development-2-logo

It’s not clear how much of a role QA – which in most organizations means black box testers who do manual functional testing or write automated functional acceptance tests – can or should play in an Application Security program. Train QA, not Developers, on Security At RSA 2011, Caleb Sima asserted that training developers in Appsec is mostly a waste ...

Read More »

How to configure an SSL Certificate with Play Framework for https

play-framework-logo

I spent hours try­ing to get this to work, and in the end, then prob­lem was that I did not gen­er­ate the CSR (Cer­tifi­cate Request) myself with the keytool. I kept get­ting this error when I tried access­ing Play with https: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated The prob­lem ended up being that the key­store I cre­ated and imported the SSL cer­tifi­cate ...

Read More »

Appsec’s Agile Problem

agile-logo

Agile development has a serious Appsec problem. Most Agile development teams suck at building secure software. But one of the reasons for this is that Appsec has a serious Agile problem. Most security experts don’t understand Agile development and haven’t come to terms with the way the way that Agile teams design and build software; with the way that Agile ...

Read More »

This is Stuff: Cryptography & Theory 1: Meaning of Secure

software-development-2-logo

Cryptography & Theory is series of blog posts on things I learned in coursera stanford online crypto class. The class contained just right mixture of theory, math and programming and I enjoyed it a lot. This first part explains what is meant by expression “good cipher”. It contains definition of a cipher and multiple definitions of cipher security. Although it does ...

Read More »

Spring Security – Behind the scenes

Spring-Security-logo

Security tasks such as authentication of user and authorization of a user to view application resources are usually handled by the application server. These tasks can be delegated to Spring security flow relieving application server from handling these tasks. Spring security basically handles these tasks by implementing standard javax.servlet.Filter. For initializing Spring security into your application, you need to declare ...

Read More »

Top 10 Web Application Security Risks From OWASP

software-development-2-logo

The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software. Its mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. Every few years the organization publishes a top 10 list on web application security risks. First released back in 2003, ...

Read More »
Do you want to know how to develop your skillset and become a ...

Subscribe to our newsletter to start Rocking right now!

To get you started we give you our best selling eBooks for FREE!
Get ready to Rock!
To download the books, please verify your email address by following the instructions found on the email we just sent you.

THANK YOU!

Close