Home » Tag Archives: Security (page 8)

Tag Archives: Security

Yes Small Companies Can – and Should – Build Secure Software

software-development-2-logo

‘For large software companies or major corporations such as banks or health care firms with large custom software bases, investing in software security can prove to be valuable and provide a measurable return on investment, but that’s probably not the case for smaller enterprises, said John Viega, executive vice president of products, strategy and services at SilverSky and an authority ...

Read More »

Cryptography Using JCA – Services In Providers

java-logo

The Java Cryptography Architecture (JCA) is an extensible framework that enables you to use perform cryptographic operations. JCA also promotes implementation independence (program should not care about who’s providing the cryptographic service) and implementation interoperability (program should not be tied to a specific provider of a particular cryptographic service). JCA allows numerous cryptographic services e.g. ciphers, key generators, message digests ...

Read More »

Peer reviews for security are a waste of time?

software-development-2-logo

At this year’s RSA conference, one of the panel’s questioned whether software security is a waste of time. A panellist, John Viega, said a few things that I agreed with, and a lot that I didn’t. Especially that “peer reviews for security are a waste of time.” This statement is wrong on every level. Everyone should know by now that ...

Read More »

Add RememberMe Authentication With Spring Security

spring-interview-questions-answers

I mentioned in my post Add Social Login to Jiwhiz Blog that the RememberMe function was not working with Spring Social Security. Well, it is because the application is not authenticating the user by username and password now, and is totally depending on social websites (like Google, Facebook and Twitter) to do the job. The default Spring Security configuration cannot ...

Read More »

Your Password Is No Longer Secret, Part 1

software-development-2-logo

Of course, the title is a trick. Your password is still secret, for now. To be sure that it will remain so, try to answer the following questions to yourself: How strong are your passwords? How strong they should be in order to prevent other people from revealing them? Are your password habits really adequate? Here, I assume that you ...

Read More »

Appsec at RSA 2013

software-development-2-logo

This was my second time at the RSA conference on IT security. Like last year, I focused on the appsec track, starting with a half-day mini-course on how to write secure applications for developers, presented by Jim Manico and Eoin Keary representing OWASP. It was a well-attended session. Solid, clear guidance from people who really do understand what it takes ...

Read More »

How To Secure an Organization That Is Under Constant Attack

software-development-2-logo

There have been many recent security incidents at well-respected organizations like the Federal Reserve, the US Energy Department, the New York Times, and the Wall Street Journal. If these large organizations are incapable of keeping unwanted people off their systems, then who is? The answer unfortunately is: not many. So we must assume our systems are compromised. Compromised is the ...

Read More »

A brief chronology of SSL/TLS attacks

software-development-2-logo

I haven’t had a substantial post for quite a long time, so it’s time for something useful and interesting. Although not Java-specific, this post might still be interesting to some of  you. A brief warning before reading: This is a very lengthy post, but – believe it or not – this is just the brief summary of an even longer ...

Read More »

OAuth 2.0 Bearer Token Profile Vs MAC Token Profile

oauth-logo

Almost all the implementation I see today are based on OAuth 2.0 Bearer Token Profile. Of course its an RFC proposed standard today. OAuth 2.0 Bearer Token profile brings a simplified scheme for authentication. This specification describes how to use bearer tokens in HTTP requests to access OAuth 2.0 protected resources. Any party in possession of a bearer token (a ...

Read More »
Do you want to know how to develop your skillset and become a ...

Subscribe to our newsletter to start Rocking right now!

To get you started we give you our best selling eBooks for FREE!
Get ready to Rock!
To download the books, please verify your email address by following the instructions found on the email we just sent you.

THANK YOU!

Close