Home » Tag Archives: Security

Tag Archives: Security

How to Secure Elasticsearch and Kibana

software-development-2-logo

Introduction Elasticsearch (ES) is a search engine based on Lucene. It provides a distributed, multitenant-capable, full-text search engine with an HTTP web interface and schema-free JSON documents. Kibana is an open source data visualization plugin for Elasticsearch. It provides visualization capabilities on top of the content indexed on an Elasticsearch cluster. Users can create bar, line, and scatter plots, or pie charts and maps on top of large volumes of data. ...

Read More »

The Rationale for Securing Big Data

software-development-2-logo

This blog post is the first in a series based on the ebook The Six Elements of Securing Big Data by security expert and thought leader Davi Ottenheimer. In his book, Davi outlines the rationale and key challenges of securing big data systems and applications. He does so using some great anecdotes and with good humor, making the book a good ...

Read More »

Securing NoSQL Databases: Use the Force

software-development-2-logo

With stories of the thefts of millions of credit card records and sensitive employee data at some of the world’s largest companies and government agencies dominating recent headlines, it’s not surprising that organizations are doubling down on security. Security is finally starting to get top management’s attention. Ponemon Institute’s 2015 security report found that 55 percent of top executives rated ...

Read More »

Token Authentication for Java Applications

java-interview-questions-answers

Building Identity Management, including authentication and authorization? Try Stormpath! Our REST API and robust Java SDK support can eliminate your security risk and can be implemented in minutes. Sign up, and never build auth again! Update 5/12/2016: Building a Java application? JJWT is a Java library providing end-to-end JWT creation and verification, developed by our very own Les Hazlewood. Forever ...

Read More »

Why you Should Attack Your Systems – Before “They” Do

software-development-2-logo

You can’t hack and patch your way to a secure system. You will never be able to find all of the security vulnerabilities and weaknesses in your code and network through scanning, or by paying outsiders to try to hack their way in. The only way to be secure is to design and build security in from the beginning: threat ...

Read More »

Secure the unsecured

software-development-2-logo

A recent issue in my home country has surface this month regarding an information leak. Our “highly” trained officers says it managed to caught and apprehend the actual hacker but never give any resolution as to what they will do to ensure that it will never happen again. Much like what they usually do, this doesn’t surprise me at all. ...

Read More »

Encryption is not Binary

software-development-2-logo

If you ask someone if they require encryption on their device, first of all, you will likely get one of two answers – yes or no – useful for segmenting your market or developing persona. If you’re lucky, you’ll get a better answer – “you’re asking the wrong question!”           Be Outside-In, Not Inside-Out Inside-out thinking is taking ...

Read More »

Mutual Problems

java-logo

The HTTPS protocol is the well-established standard for securing our connections. Understanding how this protocol works is not a problem and the corresponding RFC document is available since 2000. Despite HTTPS is used so widely, you can still find a software which doesn’t handle this protocol without unnecessary complexity. Unfortunately I’v experienced problems during the implementation of mutual authentication in ...

Read More »

Skip SSL certificate verification in Spring Rest Template

spring-interview-questions-answers

How to skip SSL certificate verification while using Spring Rest Template? Configure Rest Template so it uses Http Client to create requests. Note: If you are familiar with sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target the below should help you. Http Client Firstly, import HttpClient (>4.4), to your project compile('org.apache.httpcomponents:httpclient:4.5.1') Configure RestTemplate Configure SSLContext using Http Client’s ...

Read More »

TLS Client Authentication

software-development-2-logo

I decided to do a prototype for an electronic identification scheme, so I investigated how to do TLS client authentication with a Java/Spring server-side (you can read on even if you’re not a Java developer – most of the post is java-agnostic). Why TLS client authentication? Because that’s the most standard way to authenticate a user who owns a certificate ...

Read More »

Want to take your Java skills to the next level?

Grab our programming books for FREE!

Here are some of the eBooks you will get:

  • Spring Interview QnA
  • Multithreading & Concurrency QnA
  • JPA Minibook
  • JVM Troubleshooting Guide
  • Advanced Java
  • Java Interview QnA
  • Java Design Patterns