Yes Small Companies Can – and Should – Build Secure Software

‘For large software companies or major corporations such as banks or health care firms with large custom software bases, investing…

Read More »

Cryptography Using JCA – Services In Providers

The Java Cryptography Architecture (JCA) is an extensible framework that enables you to use perform cryptographic operations. JCA also promotes…

Read More »

Peer reviews for security are a waste of time?

At this year’s RSA conference, one of the panel’s questioned whether software security is a waste of time. A panellist,…

Read More »

Add RememberMe Authentication With Spring Security

I mentioned in my post Add Social Login to Jiwhiz Blog that the RememberMe function was not working with Spring…

Read More »

Your Password Is No Longer Secret, Part 1

Of course, the title is a trick. Your password is still secret, for now. To be sure that it will…

Read More »

Appsec at RSA 2013

This was my second time at the RSA conference on IT security. Like last year, I focused on the appsec…

Read More »

How To Secure an Organization That Is Under Constant Attack

There have been many recent security incidents at well-respected organizations like the Federal Reserve, the US Energy Department, the New…

Read More »

Why OAuth it self is not an authentication framework ?

Let’s straight a way start with definitions to avoid any confusions. Authentication is the act of confirming the truth of…

Read More »

A brief chronology of SSL/TLS attacks

I haven’t had a substantial post for quite a long time, so it’s time for something useful and interesting. Although…

Read More »