Security
Software Development
Choosing between a Pen Test and a Secure Code Review
Secure Code Reviews (bringing someone in from outside of the team to review/audit the code for security vulnerabilities) and application…
Enterprise Java
Browser-based Key Generation and interaction with the Browser’s Key/Certificate Store
Imagine the following scenario: You need to get a key (in the asymmetric case the user’s public key) from a…
Software Development
Understanding Transport Layer Security / Secure Socket Layer
Transport Layer Security (TLS) 1.0 / Secure Sockets Layer (SSL) 3.0 is the mechanism to provide private, secured and reliable…
Core Java
Java 7 Update 21 Security Improvements in Detail
Oracle released three updates to Java yesterday. It is important to note that they contain several security related changes. The…
Software Development
Penetration Testing Shouldn’t be a Waste of Time
In a recent post on “Debunking Myths: Penetration Testing is a Waste of Time”, Rohit Sethi looks at some of…
Core Java
Weaknesses in Java Pseudo Random Number Generators (PRNGs)
This will be a summary of a paper written by Kai Michaelis, Jörg Schwenk and me, which was presented…
Software Development
Yes Small Companies Can – and Should – Build Secure Software
‘For large software companies or major corporations such as banks or health care firms with large custom software bases, investing…
Core Java
Cryptography Using JCA – Services In Providers
The Java Cryptography Architecture (JCA) is an extensible framework that enables you to perform cryptographic operations. JCA also promotes…
Software Development
Peer reviews for security are a waste of time?
At this year’s RSA conference, one of the panels questioned whether software security is a waste of time. A panellist,…