Security
Core Java

Signing Java Code
In a previous post, we discussed how to secure mobile code. One of the measures mentioned was signing code. This…
Agile

Building Both Security and Quality In
One of the important things in a Security Development Lifecycle (SDL) is to feed back information about vulnerabilities to developers.…
Software Development

What is HMAC Authentication and why is it useful?
To start with a little background, then I will outline the options for authentication of HTTP based server APIs with…
Enterprise Java

Fixing common Java security code violations in Sonar
This article aims to show you how to quickly fix the most common Java security code violations. It assumes that…
Software Development

How to Cheat at Application Security
Developers need to know a lot in order to build secure applications. Some of this is good software engineering and…
Software Development

Outbound Passwords
Much has been written on how to securely store passwords. This sort of advice deals with the common situation where…
Software Development

XACML In The Cloud
The eXtensible Access Control Markup Language (XACML) is the de facto standard for authorization. The specification defines an architecture (see…
Software Development

Security Requirements With Abuse Cases
Gary McGraw describes several best practices for building secure software. One is the use of so-called abuse cases. Since his…
Software Development

Bcrypt, Salt. It’s The Bare Minimum.
The other day I read this Ars Technica article and realized how tragic the situation is. And it is not this…



