Security
- Software Development
  Application Security – Can you Rely on the Honeymoon Effect?
  I learned about some interesting research from Dave Mortman at this year’s RSA conference in San Francisco which supports the…

- Software Development
  Verifying Secure Password Storage Externally
  Many websites (including big ones like Adobe, Yahoo, LinkedIn, Gawker, etc.) store user passwords insecurely, either in plain text or…

- Software Development
  Apache Tomcat and Denial-of-service vulnerability
  Websites hosted on Apache Tomcat servers seem to be vulnerable to denial-of-service attacks, as was recently proven by security researchers…

- Software Development
  Cryptography & Theory 2: What is Pseudorandom
  As was concluded in the first part of this series, security without randomness is impossible. Deterministic ciphers are unable to…

- Core Java
  AES-256 Encryption with Java and JCEKS
  Overview: Security has become a great topic of discussion in the last few years due to the recent release of…

- Enterprise Java
  Invoking APIs using a Web App with OAuth2 and use of JWT – WSO2 API Manager
  In this post I am going to share my experience and understanding of using WSO2 API Manager (API-M) for a very common and…

- Software Development
  Detecting and Fixing XSS using OWASP tools
  Much has been written about XSS vulnerability scanning. In this article we will try to go a little further and…

- Software Development
  How much can Testers help in Appsec?
  It’s not clear how much of a role QA – which in most organizations means black box testers who do…

- Enterprise Java
  How to configure an SSL Certificate with Play Framework for https
  I spent hours trying to get this to work, and in the end, the problem was that I did not…