Security
Software Development
XACML In The Cloud
The eXtensible Access Control Markup Language (XACML) is the de facto standard for authorization. The specification defines an architecture (see…
Software Development
Security Requirements With Abuse Cases
Gary McGraw describes several best practices for building secure software. One is the use of so-called abuse cases. Since his…
Software Development
Bcrypt, Salt. It’s The Bare Minimum.
The other day I read this Ars Technica article and realized how tragic the situation is. And it is not this…
Enterprise Java
Cross Site Scripting (XSS) and prevention
Variants of cross-site scripting (XSS) attacks are almost limitless, as mentioned on the OWASP site (https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)). Here I propose…
Software Development
WSO2 Identity Server: Identity Management platform
WSO2 Identity Server provides a flexible, extensible and robust platform for Identity Management. This blog post looks inside WSO2 Identity…
Enterprise Java
Spring Security 3 Ajax login – accessing protected resources
I have seen some blogs about Spring Security 3 Ajax login, however I could not find any that tackles how…
Enterprise Java
Spring Security – Two Security Realms in one Application
This blog post is mainly about Spring Security configuration. More specifically, it intends to show how to configure two…
Enterprise Java
GlassFish JDBC Security with Salted Passwords on MySQL
One of the most successful posts on this blog is my post about setting up a JDBC Security Realm with…
Core Java
Hash Length Extension Attacks
In this post I will try to leave the summer slump behind and focus on more interesting things than complaining…