Tag Archives: Security

Securing NoSQL Databases: Use the Force

With stories of the thefts of millions of credit card records and sensitive employee data at some of the world’s largest companies and government agencies dominating recent headlines, it’s not surprising that organizations are doubling down on security. Security is finally starting to get top management’s attention. Ponemon Institute’s 2015 security report found that 55 percent of top executives rated ...

Token Authentication for Java Applications

Building Identity Management, including authentication and authorization? Try Stormpath! Our REST API and robust Java SDK support can eliminate your security risk and can be implemented in minutes. Sign up, and never build auth again! Update 5/12/2016: Building a Java application? JJWT is a Java library providing end-to-end JWT creation and verification, developed by our very own Les Hazlewood. Forever ...

Why you Should Attack Your Systems – Before “They” Do

You can’t hack and patch your way to a secure system. You will never be able to find all of the security vulnerabilities and weaknesses in your code and network through scanning, or by paying outsiders to try to hack their way in. The only way to be secure is to design and build security in from the beginning: threat ...

Secure the unsecured

A recent issue in my home country has surfaced this month regarding an information leak. Our “highly” trained officers say they managed to catch and apprehend the actual hacker but never give any resolution as to what they will do to ensure that it will never happen again. Much like what they usually do, this doesn’t surprise me at all. ...

Encryption is not Binary

If you ask someone if they require encryption on their device, first of all, you will likely get one of two answers – yes or no – useful for segmenting your market or developing persona. If you’re lucky, you’ll get a better answer – “you’re asking the wrong question!” Be Outside-In, Not Inside-Out Inside-out thinking is taking ...

Mutual Problems

The HTTPS protocol is the well-established standard for securing our connections. Understanding how this protocol works is not a problem and the corresponding RFC document has been available since 2000. Although HTTPS is used so widely, you can still find software which doesn’t handle this protocol without unnecessary complexity. Unfortunately I’ve experienced problems during the implementation of mutual authentication in ...

Skip SSL certificate verification in Spring Rest Template

How to skip SSL certificate verification while using Spring Rest Template? Configure Rest Template so it uses Http Client to create requests. Note: If you are familiar with sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target the below should help you. Http Client Firstly, import HttpClient (>4.4), to your project compile('org.apache.httpcomponents:httpclient:4.5.1') Configure RestTemplate Configure SSLContext using Http Client’s ...

TLS Client Authentication

I decided to do a prototype for an electronic identification scheme, so I investigated how to do TLS client authentication with a Java/Spring server-side (you can read on even if you’re not a Java developer – most of the post is java-agnostic). Why TLS client authentication? Because that’s the most standard way to authenticate a user who owns a certificate ...

Why You Should Encrypt ALL Personally Identifiable Information (PII)

Many critics have pointed out that Ashley Madison should have encrypted all personally identifiable information (PII). The database contained sensitive information that would cause harm to users if it was released. We are probably not involved in dating websites based on infidelity, at least not as a developer. But the nature of our business doesn’t matter after a breach – ...
