10 things you can do to make your app secure: #1 Parameterize Database Queries

OWASP’s Top 10 Risk list for web applications is a widely recognized tool for understanding, describing and assessing major application…

Read More »

SSL encrypted EJB calls with JBoss AS 7

Encrypting the communication between client and server provides improved security and privacy protection for your system. This can be an…

Read More »

Easter Hack: Even More Critical Bugs in SSL/TLS Implementations

It’s been some time since my last blog post – time for writing is rare. But today, I’m very happy…

Read More »

Application Security – Can you Rely on the Honeymoon Effect?

I learned about some interesting research from Dave Mortman at this year’s RSA conference in San Francisco which supports the…

Read More »

Verifying Secure Password Storage Externally

Many websites (including big ones like Adobe, Yahoo, LinkedIn, Gawker, etc.) store user passwords insecurely. Either in plain text, or…

Read More »

Apache Tomcat and Denial-of-service vulnerability

Websites hosted on Apache Tomcat servers seem to be vulnerable against denial-of-service attacks, as was recently proven by security researchers…

Read More »

Cryptography & Theory 2: What is Pseudorandom

As was concluded in the first part of this series, security without randomness is impossible. Deterministic ciphers are unable to…

Read More »

AES-256 Encryption with Java and JCEKS

Overview Security has become a great topic of discussion in the last few years due to the recent releasing of…

Read More »

Invoking APIs using a Web App with OAuth2 and use of JWT – WSO2 API Manager

In this post I am to share my experience and understandings using WSO2 API Manager(API-M) for a very common and…

Read More »