Tag Archives: Security

Skip SSL certificate verification in Spring Rest Template

How to skip SSL certificate verification while using Spring Rest Template? Configure Rest Template so it uses Http Client to create requests. Note: If you are familiar with sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target the below should help you. Http Client Firstly, import HttpClient (>4.4), to your project compile('org.apache.httpcomponents:httpclient:4.5.1') Configure RestTemplate Configure SSLContext using Http Client’s ...

TLS Client Authentication

I decided to do a prototype for an electronic identification scheme, so I investigated how to do TLS client authentication with a Java/Spring server-side (you can read on even if you’re not a Java developer – most of the post is java-agnostic). Why TLS client authentication? Because that’s the most standard way to authenticate a user who owns a certificate ...

Why You Should Encrypt ALL Personally Identifiable Information (PII)

Many critics have pointed out that Ashley Madison should have encrypted all personally identifiable information (PII). The database contained sensitive information that would cause harm to users if it was released. We are probably not involved in dating websites based on infidelity, at least not as a developer. But the nature of our business doesn’t matter after a breach – ...

Top 10 Lists for Designing and Writing Secure and Safe Software

If you care about writing secure code, you should know all about these Top 10 lists: OWASP Top 10 The OWASP Top 10 is a community-built list of the 10 most common and most dangerous security problems in online (especially web) applications. Injection flaws, broken authentication and session management, XSS and other nasty security bugs. These are problems that you need ...

Implementing Client-Side Row-Level Security with jOOQ

Some time ago, we promised to follow up on our Constraints on Views article with a sequel showing how to implement client-side row-level security with jOOQ. What is row-level security? Some databases like Oracle or the upcoming PostgreSQL 9.5 provide native support for row-level security, which is awesome – but not every database has this feature. Row level security essentially ...

How to Keep REST API Credentials Secure

If you are building mobile apps then you are connecting to some REST API. For example, if you want to resolve an address to latitude/longitude information to display on a map, you might use the Google Geocoding API: https://maps.googleapis.com/maps/api/geocode/json?address=San Francisco,CA&key=AIzaSyDvFMYGjeR02RH If you are invoking the API from the client, then the API key also has to be present on ...

9 Security mistakes every Java Developer must avoid

Java has come a long way since it was introduced in mid-1995. Its cross-platform characteristics have made it the benchmark when it comes to client-side web programming. But with ...

Can DevOps(Sec) make Software more Secure?

There was a lot of talk at RSA this year about DevOps and security: DevOpsSec or DevSecOps or Rugged DevOps or whatever people want to call it. This included a full-day seminar on DevOps before the conference opened and several talks and workshops throughout the conference which tried to make the case that DevOps isn’t just about delivering software faster, ...

Backdoors, Sabotage or Just Plain Stupidity

Someone on your development team, or a contractor or a consultant, or one of your sys admins, or a bad guy who stole one of these people’s credentials, might have put a backdoor, a logic bomb, a Trojan or other “malcode” into your application code. And you don’t know it. How much of a real problem is this? And how ...
