Security
Software Development

10 things you can do to make your app secure: #1 Parameterize Database Queries
OWASP’s Top 10 Risk list for web applications is a widely recognized tool for understanding, describing and assessing major application…
Enterprise Java

SSL encrypted EJB calls with JBoss AS 7
Encrypting the communication between client and server provides improved security and privacy protection for your system. This can be an…
Software Development

Easter Hack: Even More Critical Bugs in SSL/TLS Implementations
It’s been some time since my last blog post – time for writing is rare. But today, I’m very happy…
Software Development

Application Security – Can you Rely on the Honeymoon Effect?
I learned about some interesting research from Dave Mortman at this year’s RSA conference in San Francisco which supports the…
Software Development

Verifying Secure Password Storage Externally
Many websites (including big ones like Adobe, Yahoo, LinkedIn, Gawker, etc.) store user passwords insecurely. Either in plain text, or…
Software Development

Apache Tomcat and Denial-of-service vulnerability
Websites hosted on Apache Tomcat servers seem to be vulnerable to denial-of-service attacks, as was recently proven by security researchers…
Software Development

Cryptography & Theory 2: What is Pseudorandom
As was concluded in the first part of this series, security without randomness is impossible. Deterministic ciphers are unable to…
Core Java

AES-256 Encryption with Java and JCEKS
Overview: Security has become a great topic of discussion in the last few years due to the recent releasing of…
Enterprise Java

Invoking APIs using a Web App with OAuth2 and use of JWT – WSO2 API Manager
In this post I am to share my experience and understandings using WSO2 API Manager (API-M) for a very common and…




