Home » Tag Archives: Security (page 9)

Tag Archives: Security

Appsec at RSA 2013

software-development-2-logo

This was my second time at the RSA conference on IT security. Like last year, I focused on the appsec track, starting with a half-day mini-course on how to write secure applications for developers, presented by Jim Manico and Eoin Keary representing OWASP. It was a well-attended session. Solid, clear guidance from people who really do understand what it takes ...

Read More »

How To Secure an Organization That Is Under Constant Attack

software-development-2-logo

There have been many recent security incidents at well-respected organizations like the Federal Reserve, the US Energy Department, the New York Times, and the Wall Street Journal. If these large organizations are incapable of keeping unwanted people off their systems, then who is? The answer unfortunately is: not many. So we must assume our systems are compromised. Compromised is the ...

Read More »

A brief chronology of SSL/TLS attacks

software-development-2-logo

I haven’t had a substantial post for quite a long time, so it’s time for something useful and interesting. Although not Java-specific, this post might still be interesting to some of  you. A brief warning before reading: This is a very lengthy post, but – believe it or not – this is just the brief summary of an even longer ...

Read More »

OAuth 2.0 Bearer Token Profile Vs MAC Token Profile

oauth-logo

Almost all the implementation I see today are based on OAuth 2.0 Bearer Token Profile. Of course its an RFC proposed standard today. OAuth 2.0 Bearer Token profile brings a simplified scheme for authentication. This specification describes how to use bearer tokens in HTTP requests to access OAuth 2.0 protected resources. Any party in possession of a bearer token (a ...

Read More »

A Grails plugin to bridge Spring Security and Shiro

grails-logo

I started using Spring Security in 2007 when I was tasked with adding security to a Spring/Hibernate application at the company I was working for. There were a few options to choose from, none of them particularly friendly to work with, and we chose Acegi Security because it was the most popular option for Spring applications. My experience was like ...

Read More »

Securing your Tomcat app with SSL and Spring Security

apache-tomcat-logo

If you’ve seen my last blog, you’ll know that I listed ten things that you can do with Spring Security. However, before you start using Spring Security in earnest one of the first things you really must do is to ensure that your web app uses the right transport protocol, which in this case is HTTPS – after all there’s ...

Read More »

Using Cryptography in Java Applications

java-logo

This post describes how to use the Java Cryptography Architecture (JCA) that allows you to use cryptographic services in your applications. Java Cryptography Architecture Services The JCA provides a number of cryptographic services, like message digests and signatures. These services are accessible through service specific APIs, like MessageDigest and Signature. Cryptographic services abstract different algorithms. For digests, for instance, you ...

Read More »

SQL Injection in Java Application

java-interview-questions-answers

In this post we will discuss what is an SQL Injection attack. and how its may affect any web application its use the back end database. Here i concentrate on java web application. Open Web Application Security Project(OWAP) listed that SQL Injection is the top vulnerability attack for web application. Hacker’s Inject the SQL code in web request to the web ...

Read More »

Database Encryption Using JPA Listeners

java-interview-questions-answers

I recently had to add database encryption to a few fields and discovered a lot of bad advice out there. Architectural Issues The biggest problem is architectural. If your persistence manager quietly handles your encryption then, by definition, your architecture demands a tight and unnecessary binding between your persistence and security designs. You can’t touch one without also touching the ...

Read More »
Do you want to know how to develop your skillset and become a ...

Subscribe to our newsletter to start Rocking right now!

To get you started we give you our best selling eBooks for FREE!
Get ready to Rock!
To download the books, please verify your email address by following the instructions found on the email we just sent you.

THANK YOU!

Close