Signing Java Code

In a previous post, we discussed how to secure mobile code. One of the measures mentioned was signing code. This…

Read More »

Building Both Security and Quality In

One of the important things in a Security Development Lifecycle (SDL) is to feed back information about vulnerabilities to developers.…

Read More »

What is HMAC Authentication and why is it useful?

To start with a little background, then I will outline the options for authentication of HTTP based server APIs with…

Read More »

Fixing common Java security code violations in Sonar

This article aims to show you how to quickly fix the most common java security code violations. It assumes that…

Read More »

How to Cheat at Application Security

Developers need to know a lot in order to build secure applications. Some of this is good software engineering and…

Read More »

Outbound Passwords

Much has been written on how to securely store passwords. This sort of advice deals with the common situation where…

Read More »

XACML In The Cloud

The eXtensible Access Control Markup Language (XACML) is the de facto standard for authorization. The specification defines an architecture (see…

Read More »

Security Requirements With Abuse Cases

Gary McGraw describes several best practices for building secure software. One is the use of so-called abuse cases. Since his…

Read More »

Bcrypt, Salt. It’s The Bare Minimum.

The other day I read this Arstechnica article and realized how tragic the situation is. And it is not this…

Read More »