Security
-
Software Development
“NoSQL Injection” – What 40000 Unsecured MongoDB Databases Mean for our Industry
The news is all over reddit… Major security alert as 40,000 MongoDB databases left unsecured on the internet Security is…
-
Enterprise Java
How to secure Jersey REST services with Spring Security and Basic authentication
In my previous blog post, Quick way to check if the REST API is alive – GET details from Manifest…
-
Software Development
Introduction to MongoDB Security
Last week at the Paris MUG, I had a quick chat about security and MongoDB, and I have decided to…
-
Enterprise Java
Required Reading: Iron Clad Java
They didn’t teach appsec in Comp Sci or in engineering or MIS or however you learned how to program. And…
-
Software Development
If you got bugs, you’ll get pwned
The SEI recently published some fascinating research which shows a clear relationship between software quality and software security. The consensus…
-
Enterprise Java
Self-Signed Certificate for Apache TomEE (and Tomcat)
Probably in most of your Java EE projects you will have part or whole system with SSL support (https) so…
-
Software Development
Signing Digital Certificates with OpenSSL Library
While working on the pgopenssltypes extension I realized that I haven’t discussed how to sign digital certificates using the OpenSSL…
-
Software Development
Adding OpenSSL User-Defined Types to PostgreSQL
PostgreSQL supports user-defined types (UDT). These types can be used to provide type-safety on user-defined functions when we would otherwise…
-
Software Development
Database Threat Models
I finally have a breather and can start working through my backlog of ideas. I start with some background that…