Tag Archives: Security

Spring Security – Behind the scenes

Security tasks such as authenticating a user and authorizing that user to view application resources are usually handled by the application server. These tasks can be delegated to the Spring Security flow, relieving the application server from handling them. Spring Security handles these tasks by implementing the standard javax.servlet.Filter. To initialize Spring Security in your application, you need to declare ...

Top 10 Web Application Security Risks From OWASP

The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software. Its mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. Every few years the organization publishes a top 10 list on web application security risks. First released back in 2003, ...

Authentication and Authorization as an open source solution service

Designing a centralized service for all user data by implementing an authentication and authorization (a&a) mechanism. I’ll share my experience and finalize conclusions for a solution. The design includes the clients (Web applications) and the server (a&a center). Terminology: 1. Authentication: Authentication is the mechanism whereby systems may securely identify their users. Answering the question “Who is the User?” ...

Landscapes in Mobile Application Security

There are different aspects of Cloud and Mobile application security – and different angles from which you can look into it. Within the first decade of the 21st century – internet worldwide increased from 350 million to more than 2 billion and Mobile phone subscribers from 750 million to 5 billion – and today it hits the 6 billion mark – ...

How to use ECC with OpenJDK

Everyone who ever tried to use Elliptic Curve Cryptography (ECC) in Java with an OpenJDK was either forced to use Bouncy Castle or fumble with the SunEC provider. The SunEC provider offers the following algorithms according to the documentation (quote): AlgorithmParameters: EC; KeyAgreement: ECDH; KeyFactory: EC; KeyPairGenerator: EC; Signature: NONEwithECDSA, SHA1withECDSA, SHA256withECDSA, SHA384withECDSA, SHA512withECDSA. Unfortunately, this provider is not shipped ...

Creating Password-Based Encryption Keys

This article discusses creating password-based encryption (PBE) keys. First a reminder of earlier points – as a rule you should, when practical, use the PBE key as a master key that is used solely to unlock a working key. This has three major benefits: you can have multiple passwords, e.g., an escrowed recovery key; you can change your password without ...

WS-Security: using BinarySecurityToken for authentication

As we all know, one goal set by WS-Security is to enforce integrity and/or confidentiality on SOAP messages. In case of integrity, the signature which is added to the SOAP message is the result of a mathematical process involving the private key of the sender resulting in an encrypted message digest. Most frameworks, such as WSS4J, will by default only ...

Deploying Identity Server over a JDBC Based User Store

With this post I aim to demonstrate how to configure WSO2 Identity Server with a JDBC user store. For the demonstration I am using a MySQL user store, but the same procedure applies to any other JDBC user store as well. My environment is: OS – Ubuntu 12.10; Java – 1.6; WSO2 IS 4.5.0. Setting up MySQL database User Store Configuration ...

How To Start With Software Security – Part 2

Last time, I wrote about how an organization can get started with software security. Today I will look at how to do that as an individual. From Development To Secure Development As a developer, I wasn’t always aware of the security implications of my actions. Now that I’m the Engineering Security Champion for my project, I have to be. It ...

What is a software quality?

If any of you have heard me speak in a training session or conference you’ll know I am fond of quoting Philip Crosby: “Quality is free!”. Crosby was talking from a background in missile production but the message was picked up by the car industry and silicon chip industry (“The Anderson Bombshell” in 1980 explained how Japanese RAM manufacturers were ...
