
Tag Archives: Security

A Grails plugin to bridge Spring Security and Shiro


I started using Spring Security in 2007 when I was tasked with adding security to a Spring/Hibernate application at the company I was working for. There were a few options to choose from, none of them particularly friendly to work with, and we chose Acegi Security because it was the most popular option for Spring applications. My experience was like ...


Securing your Tomcat app with SSL and Spring Security


If you’ve seen my last blog, you’ll know that I listed ten things that you can do with Spring Security. However, before you start using Spring Security in earnest one of the first things you really must do is to ensure that your web app uses the right transport protocol, which in this case is HTTPS – after all there’s ...
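The point the post makes first, forcing every request onto HTTPS before any other Spring Security rule applies, looks like this in Spring Security's Java configuration. This is an added example, not code from the original post (which predates the Java config DSL); it assumes Spring Security 6 with the lambda-style `HttpSecurity` API and a container that actually has an HTTPS connector.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

/**
 * Added example (assumes Spring Security 6): refuse to serve anything over plain HTTP.
 * Tomcat still needs an HTTPS connector (server.xml) for the redirect target to exist.
 */
@Configuration
public class TransportSecurityConfig {

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // Every request on an insecure channel is redirected to the HTTPS equivalent
            // before authentication or authorization is even considered.
            .requiresChannel(channel -> channel.anyRequest().requiresSecure())
            // HSTS: browsers that have seen this header refuse plain HTTP to the host for a year,
            // which closes the window in which the first request could be intercepted.
            .headers(headers -> headers.httpStrictTransportSecurity(hsts -> hsts
                    .includeSubDomains(true)
                    .maxAgeInSeconds(31536000)))
            // The rest of the usual configuration; authentication only makes sense once
            // credentials can no longer travel in the clear.
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .formLogin(Customizer.withDefaults());
        return http.build();
    }
}
```

One caveat a practitioner will hit: if TLS is terminated at a load balancer or reverse proxy and Tomcat itself listens on plain HTTP, `requiresSecure()` sees every request as insecure and loops on the redirect. In that setup Tomcat must be told to trust the proxy's `X-Forwarded-Proto` header (Tomcat's `RemoteIpValve`, or the equivalent `server.forward-headers-strategy` setting in Spring Boot) so the request is reported as secure.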


Using Cryptography in Java Applications


This post describes how to use the Java Cryptography Architecture (JCA), which allows you to use cryptographic services in your applications. Java Cryptography Architecture Services: The JCA provides a number of cryptographic services, like message digests and signatures. These services are accessible through service-specific APIs, like MessageDigest and Signature. Cryptographic services abstract different algorithms. For digests, for instance, you ...
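The service/provider split the excerpt describes is easiest to see with the MessageDigest service: you ask for an algorithm by name, the JCA locates a provider that implements it, and the same API serves every algorithm. The following is an added example, not code from the post; the input text is constructed, and the only assumption is the standard "SUN" provider that ships with every OpenJDK build.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.Set;
import java.util.TreeSet;

/**
 * Added example: the JCA MessageDigest service. Algorithms are requested by name and
 * resolved to whichever installed Provider offers them, so calling code never depends
 * on a particular implementation class.
 */
public class JcaDigestDemo {

    /** Lower-case hex, the usual textual form for a digest. */
    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    /** Digest data with the named algorithm, using the highest-priority provider that has it. */
    static byte[] digest(String algorithm, byte[] data) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        md.update(data);        // update() may be called repeatedly for streamed input
        return md.digest();     // digest() finishes the computation and resets the object
    }

    /** Every MessageDigest algorithm name any installed provider advertises. */
    static Set<String> availableDigests() {
        Set<String> names = new TreeSet<>();
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if ("MessageDigest".equals(s.getType())) {
                    names.add(s.getAlgorithm());
                }
            }
        }
        return names;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input; any byte array works.
        byte[] message = "The quick brown fox jumps over the lazy dog".getBytes(StandardCharsets.UTF_8);

        System.out.println("Available digests: " + availableDigests());

        byte[] sha256 = digest("SHA-256", message);
        System.out.println("SHA-256 = " + toHex(sha256));

        // The same service can be pinned to a specific provider when policy requires it
        // (assumption: the standard "SUN" provider is installed, as in every OpenJDK build).
        MessageDigest pinned = MessageDigest.getInstance("SHA-256", "SUN");
        byte[] again = pinned.digest(message);

        // Compare digests with the constant-time helper rather than Arrays.equals,
        // so a comparison against secret-derived data does not leak through timing.
        System.out.println("Same digest from both lookups: " + MessageDigest.isEqual(sha256, again));

        // Flipping one bit of the input changes the whole digest.
        byte[] tampered = message.clone();
        tampered[0] ^= 0x01;
        System.out.println("Tampered input matches: " + MessageDigest.isEqual(sha256, digest("SHA-256", tampered)));
    }
}
```

Swapping `"SHA-256"` for `"SHA-512"` or `"SHA3-256"` changes nothing else in the calling code, which is exactly the abstraction the excerpt refers to; `NoSuchAlgorithmException` is the signal that no installed provider offers the requested name.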


SQL Injection in Java Application


In this post we will discuss what an SQL Injection attack is and how it may affect any web application that uses a back-end database. Here I concentrate on Java web applications. The Open Web Application Security Project (OWASP) lists SQL Injection as the top vulnerability for web applications. Hackers inject SQL code into a web request to the web ...
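The mechanism, and its fix, in JDBC terms. This is an added example, not code from the post: the `users` table, the `Connection` and the attacker payloads are constructed for illustration. The injectable query is kept deliberately injectable so the two versions can be compared side by side.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

/**
 * Added example: the same lookup written the injectable way and the parameterised way.
 * Assumes (constructed for the example) a table users(id, username) reachable through
 * whatever JDBC Connection the caller supplies.
 */
public class SqlInjectionDemo {

    /** VULNERABLE: user input becomes part of the SQL text, so it can change the query's structure. */
    static String buildVulnerableQuery(String username) {
        return "SELECT id FROM users WHERE username = '" + username + "'";
    }

    static boolean userExistsVulnerable(Connection conn, String username) throws SQLException {
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(buildVulnerableQuery(username))) {
            return rs.next();
        }
    }

    /** SAFE: the SQL text is fixed; the value travels separately, so quotes inside it are only data. */
    static boolean userExistsSafe(Connection conn, String username) throws SQLException {
        String sql = "SELECT id FROM users WHERE username = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) {
        // Ordinary input: the query means what the developer intended.
        System.out.println(buildVulnerableQuery("alice"));

        // Constructed attacker input: closes the string literal and appends an always-true condition.
        // The concatenated text reads  ... WHERE username = 'x' OR '1'='1'  and matches every row,
        // so userExistsVulnerable() reports success for a user that does not exist.
        System.out.println(buildVulnerableQuery("x' OR '1'='1"));

        // Second classic shape: end the statement, add another, comment out the trailing quote.
        // Whether the driver executes the second statement depends on the database and driver settings.
        System.out.println(buildVulnerableQuery("x'; DROP TABLE users; --"));

        // With userExistsSafe() the same strings are looked up literally as user names
        // containing quotes and semicolons, and match nothing.
    }
}
```

Parameterisation is the fix for values; it cannot parameterise identifiers such as table or column names or an `ORDER BY` target, so those must be validated against an allow-list before being placed in the SQL text.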


Database Encryption Using JPA Listeners


I recently had to add database encryption to a few fields and discovered a lot of bad advice out there. Architectural Issues: The biggest problem is architectural. If your persistence manager quietly handles your encryption then, by definition, your architecture demands a tight and unnecessary binding between your persistence and security designs. You can’t touch one without also touching the ...


Database and Webapp Security


This is a discussion on database and webapp security, loosely based on the quick reference page on my site. That page is becoming unwieldy and does not make it easy for readers to interact with me or others. Threat Model: All security analysis must begin by examining the threat model. A threat model requires you to answer four ...


Permissions in OSGi


In a previous post, we looked at implementing a sandbox for Java applications in which we can securely run mobile code. This post looks at how to do the same in an OSGi environment. OSGi The OSGi specification defines a dynamic module system for Java. As such, it’s a perfect candidate for implementing the kind of plugin system that would ...


Sandboxing Java Code


In a previous post, we looked at securing mobile Java code. One of the options for doing so is to run the code in a cage or sandbox. This post explores how to set up such a sandbox for Java applications. Security Manager The security facility in Java that supports sandboxing is the java.lang.SecurityManager. By default, Java runs without a ...
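What "running code in a cage" looks like with the mechanism the excerpt names. The following is an added example, not code from the post: it installs a SecurityManager, keeps the application itself fully trusted through a permissive Policy, and runs one action inside an AccessControlContext that carries no permissions at all. It assumes JDK 8 to 17; JDK 18 and later need `-Djava.security.manager=allow` on the command line, and JDK 24 removed the SecurityManager for good, so this is the legacy technique the post describes rather than current guidance.

```java
import java.io.File;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;

/**
 * Added example: sandbox one action with the SecurityManager while the rest of the
 * application stays trusted. Assumes JDK 8..17 (JDK 18+: -Djava.security.manager=allow).
 */
public class SandboxDemo {

    /** Run action with no permissions, whatever the caller itself is allowed to do. */
    static <T> T runSandboxed(PrivilegedAction<T> action) {
        // A ProtectionDomain built with an explicit PermissionCollection is static: the Policy is
        // never consulted for it, so an empty Permissions object means "may do nothing checked".
        ProtectionDomain noPermissions = new ProtectionDomain(null, new Permissions());
        AccessControlContext restricted =
                new AccessControlContext(new ProtectionDomain[] { noPermissions });
        // doPrivileged with a context intersects the caller's rights with that context, so the
        // action runs with at most the (empty) rights of the restricted domain.
        return AccessController.doPrivileged(action, restricted);
    }

    /** The work to be sandboxed: reading a system property and probing a file both need permissions. */
    static PrivilegedAction<String> probeHome() {
        return () -> {
            String home = System.getProperty("user.home");          // needs PropertyPermission
            boolean readable = new File(home).canRead();             // needs FilePermission
            return home + " readable=" + readable;
        };
    }

    public static void main(String[] args) {
        // Grant everything to all code by default so that only the sandbox is restricted.
        Policy.setPolicy(new Policy() {
            @Override
            public boolean implies(ProtectionDomain domain, Permission permission) {
                return true;
            }
        });
        System.setSecurityManager(new SecurityManager());

        // Trusted code: the permissive Policy lets the same action through.
        System.out.println("trusted:   " + probeHome().run());

        // Sandboxed code: the first permission check (PropertyPermission "user.home") is denied.
        try {
            System.out.println("sandboxed: " + runSandboxed(probeHome()));
        } catch (AccessControlException e) {
            System.out.println("sandboxed: denied -> " + e.getPermission());
        }
    }
}
```

Two things to check before relying on this: every sensitive operation the sandboxed code could reach must actually perform a permission check (the SecurityManager only guards what the JDK and your own code ask it to guard), and any `doPrivileged` call without a context in trusted code that the sandboxed code can invoke re-grants the trusted domain's permissions for that call, which is the classic way such sandboxes are escaped.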


Signing Java Code


In a previous post, we discussed how to secure mobile code. One of the measures mentioned was signing code. This post explores how that works for Java programs. Digital Signatures The basis for digital signatures is cryptography, specifically, public key cryptography. We use a set of cryptographic keys: a private and a public key. The private key is used to ...
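The key-pair mechanics the excerpt begins to describe, reduced to the JCA calls: sign bytes with the private key, verify with the public key, and observe that both a modified payload and a different key cause verification to fail. This is an added example rather than the post's code; the "code" being signed is a constructed byte string, and the key pair is generated on the fly instead of being read from a keystore as jarsigner would.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Base64;

/**
 * Added example: digital signatures with the JCA Signature service.
 * The key pair and the signed payload are generated/constructed inline.
 */
public class SignatureDemo {

    private static final String ALGORITHM = "SHA256withRSA"; // digest the data, then sign the digest

    /** Fresh RSA key pair; in real code the private key lives in a keystore or HSM. */
    static KeyPair generateKeyPair() throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(3072);
        return kpg.generateKeyPair();
    }

    /** Only the holder of the private key can produce this value for the given data. */
    static byte[] sign(PrivateKey privateKey, byte[] data) throws Exception {
        Signature signer = Signature.getInstance(ALGORITHM);
        signer.initSign(privateKey);
        signer.update(data);
        return signer.sign();
    }

    /** Anyone with the public key can check it; a malformed signature counts as invalid, not as an error. */
    static boolean verify(PublicKey publicKey, byte[] data, byte[] signature) throws Exception {
        Signature verifier = Signature.getInstance(ALGORITHM);
        verifier.initVerify(publicKey);
        verifier.update(data);
        try {
            return verifier.verify(signature);
        } catch (SignatureException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPair signerKeys = generateKeyPair();
        // Constructed stand-in for the bytes of a class file or JAR entry.
        byte[] code = "class Hello { void run() { /* trusted code */ } }".getBytes(StandardCharsets.UTF_8);

        byte[] signature = sign(signerKeys.getPrivate(), code);
        System.out.println("signature: " + Base64.getEncoder().encodeToString(signature));

        // Untouched code verifies against the signer's public key.
        System.out.println("genuine:      " + verify(signerKeys.getPublic(), code, signature));

        // Any change to the code, even one byte, invalidates the signature.
        byte[] modified = code.clone();
        modified[modified.length - 1] ^= 0x01;
        System.out.println("tampered:     " + verify(signerKeys.getPublic(), modified, signature));

        // A signature from somebody else's key does not verify against this public key.
        KeyPair otherKeys = generateKeyPair();
        byte[] forged = sign(otherKeys.getPrivate(), code);
        System.out.println("wrong signer: " + verify(signerKeys.getPublic(), code, forged));
    }
}
```

Verification proves only that whoever holds the private key signed exactly these bytes. Whether that key belongs to a party you trust is a separate decision, which is why code-signing tools bind the public key into a certificate and why the verifying side needs a trust store rather than just a public key.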


Building Both Security and Quality In


One of the important things in a Security Development Lifecycle (SDL) is to feed back information about vulnerabilities to developers. This post relates that practice to the Agile practice of No Bugs. The Security Incident Response: Even though we work hard to ship our software without security vulnerabilities, we never succeed 100%. When an incident is reported (hopefully responsibly), we ...
