Security
-
Software Development
Appsec at RSA 2013
This was my second time at the RSA conference on IT security. Like last year, I focused on the appsec…
-
Software Development
How To Secure an Organization That Is Under Constant Attack
There have been many recent security incidents at well-respected organizations like the Federal Reserve, the US Energy Department, the New…
-
Software Development
Why OAuth itself is not an authentication framework?
Let’s start straight away with definitions to avoid any confusion. Authentication is the act of confirming the truth of…
-
Software Development
A brief chronology of SSL/TLS attacks
I haven’t had a substantial post for quite a long time, so it’s time for something useful and interesting. Although…
-
Software Development
OAuth 2.0 Bearer Token Profile Vs MAC Token Profile
Almost all the implementations I see today are based on OAuth 2.0 Bearer Token Profile. Of course it’s an RFC…
-
Groovy
A Grails plugin to bridge Spring Security and Shiro
I started using Spring Security in 2007 when I was tasked with adding security to a Spring/Hibernate application at the…
-
Enterprise Java
Securing your Tomcat app with SSL and Spring Security
If you’ve seen my last blog, you’ll know that I listed ten things that you can do with Spring Security.…
-
Core Java
Using Cryptography in Java Applications
This post describes how to use the Java Cryptography Architecture (JCA) that allows you to use cryptographic services in your…
-
Enterprise Java
SQL Injection in Java Application
In this post we will discuss what an SQL Injection attack is and how it may affect any web application its…