Cross Site Scripting (XSS) and prevention

Variants of Cross site scripting (XSS) attacks are almost limitless as mentioned on the OWASP site (https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)). Here I propose…

Read More »

WSO2 Identity Server: Identity Management platform

WSO2 Identity Server provides a flexible, extensible and robust platform for Identity Management. This blog post looks inside WSO2 Identity…

Read More »

Spring security 3 Ajax login – accessing protected resources

I have seen some blogs about Spring Security 3 Ajax login, however I could not find any that tackles how…

Read More »

Spring Security – Two Security Realms in one Application

This blog post is mainly about Spring Security configuration. More specifically it is intending to show how to configure two…

Read More »

GlassFish JDBC Security with Salted Passwords on MySQL

One of the most successful posts on this blog is my post about setting up a JDBC Security Realm with…

Read More »

Hash Length Extension Attacks

In this post I will try to leave the summer slump behind and focus on more interesting things than complaining…

Read More »

Database Abstraction and SQL Injection

I have subscribed to various user groups of jOOQ’s competing database abstraction tools. One of which is ActiveJDBC, a Java…

Read More »

Extending JMeter with a WS-Trust/STS sampler

JMeter does not have any inbuilt support for WS-Security or WS-Trust and that made me develop this STS Sampler for…

Read More »

Implementing SAML to XACML

Before Implementing SAML This is how a XACML request will looks like when it is arriving at PDP(Policy Decision Point)…

Read More »