Home » Tag Archives: Security (page 5)

Tag Archives: Security

Detecting and Fixing XSS using OWASP tools

software-development-2-logo

Much have been written about XSS vulnerabilities scanning. In this article we will try to go a little further and show how to fix them. To illustrate the whole process, going from initial detection to providing a fix, we will use a very simple app consisting of two JSP pages: one is a payment form for credit card transactions and ...

Read More »

How much can Testers help in Appsec?

software-development-2-logo

It’s not clear how much of a role QA – which in most organizations means black box testers who do manual functional testing or write automated functional acceptance tests – can or should play in an Application Security program. Train QA, not Developers, on Security At RSA 2011, Caleb Sima asserted that training developers in Appsec is mostly a waste ...

Read More »

How to configure an SSL Certificate with Play Framework for https

play-framework-logo

I spent hours try­ing to get this to work, and in the end, then prob­lem was that I did not gen­er­ate the CSR (Cer­tifi­cate Request) myself with the keytool. I kept get­ting this error when I tried access­ing Play with https: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated The prob­lem ended up being that the key­store I cre­ated and imported the SSL cer­tifi­cate ...

Read More »

Appsec’s Agile Problem

agile-logo

Agile development has a serious Appsec problem. Most Agile development teams suck at building secure software. But one of the reasons for this is that Appsec has a serious Agile problem. Most security experts don’t understand Agile development and haven’t come to terms with the way the way that Agile teams design and build software; with the way that Agile ...

Read More »

This is Stuff: Cryptography & Theory 1: Meaning of Secure

software-development-2-logo

Cryptography & Theory is series of blog posts on things I learned in coursera stanford online crypto class. The class contained just right mixture of theory, math and programming and I enjoyed it a lot. This first part explains what is meant by expression “good cipher”. It contains definition of a cipher and multiple definitions of cipher security. Although it does ...

Read More »

Spring Security – Behind the scenes

Spring-Security-logo

Security tasks such as authentication of user and authorization of a user to view application resources are usually handled by the application server. These tasks can be delegated to Spring security flow relieving application server from handling these tasks. Spring security basically handles these tasks by implementing standard javax.servlet.Filter. For initializing Spring security into your application, you need to declare ...

Read More »

Top 10 Web Application Security Risks From OWASP

software-development-2-logo

The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software. Its mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. Every few years the organization publishes a top 10 list on web application security risks. First released back in 2003, ...

Read More »

Authentication and Authorization as an open source solution service

java-interview-questions-answers

Designing a centralized service for all user data by implementing authentication and authorization (a&a) mechanism. I’ll share my experience and finalize conclusions for a solution. The design includes the clients (Web applications) and the server (a&a center). Terminology:       1. Authentication: Authentication is the mechanism whereby systems may securely identify their users. Answering the question “Who is the User?” ...

Read More »

Landscapes in Mobile Application Security

oauth-logo

There are different aspects in Cloud and Mobile application security – and in different angles you can look in to it. Within the first decade of the 21st century – internet worldwide increased from 350 million to more than 2 billion and Mobile phone subscribers from 750 million to 5 billion – and today it hits 6 billion mark – ...

Read More »
Do you want to know how to develop your skillset and become a ...

Subscribe to our newsletter to start Rocking right now!

To get you started we give you our best selling eBooks for FREE!
Get ready to Rock!
To download the books, please verify your email address by following the instructions found on the email we just sent you.

THANK YOU!

Close