
Tag Archives: Security

A practical solution to the BREACH vulnerability


Two weeks ago CERT released an advisory for a new vulnerability called BREACH. In the advisory they say there is no practical solution to this vulnerability. I believe that I've come up with a practical solution that we'll probably implement in Play Framework's CSRF protection.

Some background

First of all, what is the BREACH vulnerability? I recommend you read the ...
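The excerpt stops before the post explains BREACH or its proposed fix, so the following is an added example, written for this page and not taken from the post or from Play Framework. It shows the compression side channel on a constructed page containing a constructed CSRF token, and then one widely used mitigation (per-response masking of the token with a random pad), which is not necessarily the solution the post goes on to propose. The page markup, the token value and the probe string are all made up for the demo.

```python
import hmac
import os
import zlib

# Constructed secret for the demo; stands in for a CSRF token embedded in every page.
CSRF_TOKEN = "7c1e4b9af0d3"
# Same length as the token and sharing no 3-byte substring with it, so DEFLATE
# cannot back-reference any of it against the token.
WRONG_GUESS = "0123456789ab"


def render_page(token_value: str, reflected: str) -> bytes:
    """Vulnerable pattern: a secret and attacker-controlled text share one compressed body."""
    html = (
        "<form><input type='hidden' name='csrf' value='" + token_value + "'></form>"
        "<p>Results for: " + reflected + "</p>"
    )
    return html.encode()


def compressed_len(body: bytes) -> int:
    """Stands in for the ciphertext length an on-path attacker observes: TLS hides
    content but not length, and HTTP compression runs before encryption."""
    return len(zlib.compress(body, 9))


def leak_demo(token: str = CSRF_TOKEN):
    """Compare compressed sizes when the reflected input repeats the real token
    versus a string that shares nothing with it. DEFLATE replaces the repeat with
    a back-reference, so the correct guess compresses smaller: that is the oracle.
    Returns (length with correct guess, length with wrong guess)."""
    probe = "name='csrf' value='"
    right = compressed_len(render_page(token, probe + token))
    wrong = compressed_len(render_page(token, probe + WRONG_GUESS))
    return right, wrong


def mask_token(token: str) -> str:
    """Mitigation: XOR the token with a fresh random pad on every response and
    send pad || masked as hex. The token bytes never appear verbatim in any
    response, so no reflected guess can extend an LZ77 match against them."""
    raw = token.encode()
    pad = os.urandom(len(raw))
    masked = bytes(a ^ b for a, b in zip(raw, pad))
    return pad.hex() + masked.hex()


def unmask_token(wire: str) -> str:
    """Recover the token from pad || masked (hex). Raises ValueError on bad input."""
    half = len(wire) // 2
    pad = bytes.fromhex(wire[:half])
    masked = bytes.fromhex(wire[half:])
    return bytes(a ^ b for a, b in zip(masked, pad)).decode()


def token_matches(wire: str, expected: str) -> bool:
    """Server side: unmask the submitted value and compare it in constant time
    against the session's token; malformed input simply fails."""
    try:
        return hmac.compare_digest(unmask_token(wire), expected)
    except ValueError:
        return False


def render_masked_page(token: str, reflected: str) -> bytes:
    """Same page, but every response carries a differently masked token."""
    return render_page(mask_token(token), reflected)
```

Masking only removes the token as a target; any other secret that sits verbatim in a compressed response next to reflected input (a session id, a username) stays exposed unless it is masked the same way, compression is disabled for that response, or the secret is separated from the reflected content.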


Securing HTTP-based APIs With Signatures


I work at EMC on a platform on top of which SaaS solutions can be built. This platform has a RESTful HTTP-based API, just like a growing number of other applications. With development frameworks like JAX-RS, it's relatively easy to build such APIs. It is not, however, easy to build them right.

Issues With Building HTTP-based APIs

The problem ...
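The excerpt ends before the signing scheme itself, so here is an added example, not the EMC platform's code and not the author's scheme: a minimal HMAC-based request-signing scheme in Python that a client and a JAX-RS-style server could both implement. It signs a canonical form of the request (method, path, normalised query string, selected headers, body hash and a timestamp), checks the MAC in constant time, and rejects requests whose timestamp falls outside a replay window. The client id, the shared secret, the header format and the request values are all constructed for the demo.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, urlencode

# Constructed per-client shared secrets; a real service would load these from a key store.
CLIENT_SECRETS = {"client-42": b"constructed-shared-secret-for-client-42"}
# Headers that influence request handling and therefore must be covered by the signature.
SIGNED_HEADERS = ("content-type", "host")
REPLAY_WINDOW_SECONDS = 300


def canonical_request(method, path, query, headers, body, timestamp):
    """Both sides derive this string independently. Anything left out of it is
    unprotected; anything included must be normalised identically on both ends."""
    norm_query = urlencode(sorted(parse_qsl(query, keep_blank_values=True)))
    lower = {k.lower(): v for k, v in headers.items()}
    header_lines = "\n".join(f"{h}:{lower.get(h, '').strip()}" for h in SIGNED_HEADERS)
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, norm_query, header_lines, body_hash, str(timestamp)])


def sign_request(client_id, method, path, query, headers, body, timestamp=None):
    """Client side: returns the value of a hypothetical Authorization header."""
    ts = int(time.time()) if timestamp is None else int(timestamp)
    msg = canonical_request(method, path, query, headers, body, ts).encode()
    mac = hmac.new(CLIENT_SECRETS[client_id], msg, hashlib.sha256).hexdigest()
    return f"HMAC-SHA256 {client_id}:{ts}:{mac}"


def verify_request(auth_header, method, path, query, headers, body, now=None):
    """Server side: recompute the MAC over what was actually received and compare
    in constant time; reject malformed headers, unknown clients and stale timestamps."""
    try:
        scheme, rest = auth_header.split(" ", 1)
        client_id, ts_str, mac = rest.split(":", 2)
        ts = int(ts_str)
    except ValueError:
        return False
    if scheme != "HMAC-SHA256":
        return False
    secret = CLIENT_SECRETS.get(client_id)
    if secret is None:
        return False
    now = time.time() if now is None else now
    if abs(now - ts) > REPLAY_WINDOW_SECONDS:
        return False
    msg = canonical_request(method, path, query, headers, body, ts).encode()
    expected = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    # Compare as bytes so a non-ASCII MAC string fails instead of raising.
    return hmac.compare_digest(expected.encode(), mac.encode())
```

The timestamp window bounds how long a captured request stays valid but does not stop a replay inside that window; a service that needs to prevent replay outright also records a per-request nonce (or the MAC itself) for the length of the window and rejects duplicates.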


What is Important in Secure Software Design?


There are many basic architectural and design mistakes that can compromise the security of a system: Missing something important in security features like access control or auditing, privacy and compliance requirements; Technical mistakes in understanding and implementing defence-against-the-dark-arts security stuff like crypto, managing secrets and session management (you didn’t know enough to do something or to do it right); Misunderstanding ...


Choosing between a Pen Test and a Secure Code Review


Secure Code Reviews (bringing someone in from outside of the team to review/audit the code for security vulnerabilities) and application Pen Tests (again, bringing a security specialist in from outside the team to test the system) are both important practices in a secure software development program. But if you could only do one of them, if you had limited time ...


Understanding Transport Layer Security / Secure Socket Layer


Transport Layer Security (TLS) 1.0 / Secure Sockets Layer (SSL) 3.0 is the mechanism that provides private, secured and reliable communication over the internet. It is the most widely used protocol for providing secure HTTPS communication between clients (web browsers) and web servers. It ensures that the transport of sensitive data is safe from cyber crimes which ...


Java 7 Update 21 Security Improvements in Detail


Oracle released three updates to Java yesterday. It is important to note that they contain several security-related changes. The majority of those changes were announced a while ago, and the first thing to notice is that Oracle ships as planned. Oracle's Java Platform Security Manager, Milton Smith, recently gave a talk at DevoxxUK titled "Securing the Future with Java" where ...


Penetration Testing Shouldn’t be a Waste of Time


In a recent post on “Debunking Myths: Penetration Testing is a Waste of Time”, Rohit Sethi looks at some of the disadvantages of the passive and irresponsible way that application pen testing is generally done today: wait until the system is ready to go live, hire an outside firm or consultant, give them a short time to try to hack ...


Weaknesses in Java Pseudo Random Number Generators (PRNGs)


This will be a summary of a paper written by Kai Michaelis, Jörg Schwenk and me, which was presented at the Cryptographers' Track at RSA Conference 2013. You can get the slides of my presentation here and our full paper here. We performed an analysis on the random sequences generated by common Java libraries shipping with PRNGs (mostly SecureRandom) ...
