Home » Tag Archives: Security (page 8)

Tag Archives: Security

What is a software quality?

software-development-2-logo

If any of you have heard me speak in a training session or conference you’ll know I am found of quoting Philip Crosby: “Quality is free!”. Crosby was talking from a background in missile production but the message was picked up by the car industry and silicon chip industry (“The Anderson Bombshell” in 1980 explained how Japanese RAM manufacturers were ...

Read More »

Getting Application Security Vulnerabilities Fixed

agile-logo

It’s a lot harder to fix application security vulnerabilities than it should be. In their May 2013 security report, WhiteHat Security published some discouraging findings about how many application security vulnerabilities found in testing get fixed, and how long it takes to fix them. They found that only 61% of serious security vulnerabilities get fixed, and that on average, it ...

Read More »

Safely Create and Store Passwords

java-logo

Nearly every time when it comes to user profiles it is necessary to manage user credentials and thus be able to create and store user passwords. It should be common practice to use hashed and salted passwords to be prepared for database disclosure and hash reversing by the use of rainbow tables. However, it is (sadly) not uncommon to find ...

Read More »

A practical solution to the BREACH vulnerability

scala-logo

Two weeks ago CERT released an advisory for a new vulnerability called BREACH. In the advisory they say there is no practical solution to this vulnerability. I believe that I’ve come up with a practical solution that we’ll probably implement in Play Frameworks CSRF protection. Some background First of all, what is the BREACH vulnerability? I recommend you read the ...

Read More »

Securing HTTP-based APIs With Signatures

java-logo

I work at EMC on a platform on top of which SaaS solutions can be built. This platform has a RESTful HTTP-based API, just like a growing number of other applications. With development frameworks like JAX-RS, it’s relatively easy to build such APIs. It is not, however, easy to build them right.   Issues With Building HTTP-based APIs The problem ...

Read More »

What is Important in Secure Software Design?

software-development-2-logo

There are many basic architectural and design mistakes that can compromise the security of a system: Missing something important in security features like access control or auditing, privacy and compliance requirements; Technical mistakes in understanding and implementing defence-against-the-dark-arts security stuff like crypto, managing secrets and session management (you didn’t know enough to do something or to do it right); Misunderstanding ...

Read More »

Choosing between a Pen Test and a Secure Code Review

software-development-2-logo

Secure Code Reviews (bringing someone in from outside of the team to review/audit the code for security vulnerabilities) and application Pen Tests (again, bringing a security specialist in from outside the team to test the system) are both important practices in a secure software development program. But if you could only do one of them, if you had limited time ...

Read More »

Understanding Transport Layer Security / Secure Socket Layer

software-development-2-logo

Transport Layer Security (TLS) 1.0 / Secure Sockets Layer (SSL) 3.0, is the mechanism to provide private, secured and reliable communication over the internet. It is the most widely used protocols that provides secure HTTPS for internet communications between the client (web browsers) and web servers. It ensures that the transport of sensitive data are safe from cyber crimes which ...

Read More »

Want to take your Java skills to the next level?

Grab our programming books for FREE!

Here are some of the eBooks you will get:

  • Advanced Java Guide
  • Java Design Patterns
  • JMeter Tutorial
  • Java 8 Features Tutorial
  • JUnit Tutorial
  • JSF Programming Cookbook
  • Java Concurrency Essentials