Home » Tag Archives: Security (page 5)

Tag Archives: Security

SSL encrypted EJB calls with JBoss AS 7

java-interview-questions-answers

Encrypting the communication between client and server provides improved security and privacy protection for your system. This can be an important requirement by the customer, especially if client or server need to work in an unprotected network. This article shows you how to setup SSL encrypted EJB calls in JBoss AS 7. Server There are only two things that need ...

Read More »

Easter Hack: Even More Critical Bugs in SSL/TLS Implementations

software-development-2-logo

It’s been some time since my last blog post – time for writing is rare. But today, I’m very happy that Oracle released the brand new April Critical Patch Update, fixing 37 vulnerabilities in our beloved Java (seriously, no kidding – Java is simply a great language!). With that being said, all vulnerabilities reported by my colleagues (credits go to Juraj Somorovsky, Sebastian ...

Read More »

Application Security – Can you Rely on the Honeymoon Effect?

software-development-2-logo

I learned about some interesting research from Dave Mortman at this year’s RSA conference in San Francisco which supports the Devops and Agile arguments that continuous, incremental, iterative changes can be made safely: a study by by the MIT Lincoln lab (Milk or Wine: Does Software Security Improve with Age?) and The Honeymoon Effect, by Sandy Clark at the University ...

Read More »

Verifying Secure Password Storage Externally

software-development-2-logo

Many websites (including big ones like Adobe, Yahoo, LinkedIn, Gawker, etc.) store user passwords insecurely. Either in plain text, or encrypted (reversible), or using a broken or brute-forceable hash function. Many websites continue to be built with poor password storage mechanism. So what? Well, if the database leaks somehow (and it obviously happens, see the link above), then users are ...

Read More »

Apache Tomcat and Denial-of-service vulnerability

apache-tomcat-logo

Websites hosted on Apache Tomcat servers seem to be vulnerable against denial-of-service attacks, as was recently proven by security researchers and presented in Denial-of-service vulnerability puts Apache Tomcat servers at risk. Apache Tomcat servers are widely used for hosting applications developed with the Java Servlet and the JavaServer Pages (JSP) technologies. Apache Commons FileUpload is a stand-alone library that developers ...

Read More »

Cryptography & Theory 2: What is Pseudorandom

software-development-2-logo

As was concluded in the first part of this series, security without randomness is impossible. Deterministic ciphers are unable to protect against strong attackers and true random generators are impractical or hard to get, so cryptography is build on pseudorandom generators. First two chapters of this post define what they are and explain what kind of pseudorandom generators secure cryptography ...

Read More »

AES-256 Encryption with Java and JCEKS

java-logo

Overview Security has become a great topic of discussion in the last few years due to the recent releasing of documents from Edward Snowden and the explosion of hacking against online commerce stores like JC Penny, Sony and Target. While this post will not give you all of the tools to help prevent the use of illegally sourced data, this ...

Read More »

Detecting and Fixing XSS using OWASP tools

software-development-2-logo

Much have been written about XSS vulnerabilities scanning. In this article we will try to go a little further and show how to fix them. To illustrate the whole process, going from initial detection to providing a fix, we will use a very simple app consisting of two JSP pages: one is a payment form for credit card transactions and ...

Read More »

How much can Testers help in Appsec?

software-development-2-logo

It’s not clear how much of a role QA – which in most organizations means black box testers who do manual functional testing or write automated functional acceptance tests – can or should play in an Application Security program. Train QA, not Developers, on Security At RSA 2011, Caleb Sima asserted that training developers in Appsec is mostly a waste ...

Read More »
Do you want to know how to develop your skillset and become a ...

Subscribe to our newsletter to start Rocking right now!

To get you started we give you our best selling eBooks for FREE!
Get ready to Rock!
To download the books, please verify your email address by following the instructions found on the email we just sent you.

THANK YOU!

Close