How to use SSH tunneling to get to your restricted servers

Have you ever been told that in your network serverX can only be reached by a serverY via SSH? Now…

Read More »

How to setup custom SSLSocketFactory’s TrustManager per each URL connection

We can see from javadoc that javax.net.ssl.HttpsURLConnection provided a static method to override with setDefaultSSLSocketFory() method. This allow you to…

Read More »

Single Sign-On with the Delegated Access Control Pattern

Suppose a medium-scale enterprise has a limited number of RESTful APIs. Company employees are allowed to access these APIs via…

Read More »

WSO2 Identity Server 5.0.0 Authentication Framework

The WSO2 Identity Server 5.0.0 takes the identity management into a new direction. No more there will be federation silos…

Read More »

Identity Anti-patterns: Federation Silos and Spaghetti Identity

A recent research done by the analyst firm Quocirca confirms that many businesses now have more external users than internal…

Read More »

Chained Access Delegation Pattern

Suppose a medium-scale enterprise that sells bottled water has a RESTful API (Water API) that can be used to update…

Read More »

Getting A List of Available Cryptographic Algorithms

How do you learn what cryptographic algorithms are available to you? The Java spec names several required ciphers, digests, etc.,…

Read More »

Trust instead of Threats

According to Dr. Gary McGraw’s ground breaking work on software security, up to half of security mistakes are made in…

Read More »

10 things you can do to as a developer to make your app secure: #10 Design Security In

There’s more to secure design and architecture besides properly implementing Authentication, Access Control and Logging strategies, and choosing (and properly…

Read More »