Articles Tagged ‘security’

Detecting Vulnerable Dependencies with Maven and the OWASP Dependency Check Plugin

Tuesday, October 3rd, 2017

On the one hand, adding dependencies to a project is easy; on the other hand, securing a project and checking its dependencies for known vulnerabilities is much harder.

The OWASP Dependency-Check plugin for Maven lets us scan our project’s dependencies for known vulnerabilities.

I will demonstrate its usage in the following short example.
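The kind of pom.xml fragment such a setup comes down to, added here as an example and not taken from the article itself: the plugin’s `check` goal is bound (by default to the `verify` phase) so every build scans the dependency tree, and `failBuildOnCVSS` turns a finding with a CVSS score of 7 or higher into a build failure instead of a report nobody reads. The `${dependency-check.version}` property and the suppression file name are assumptions for illustration.

```xml
<build>
  <plugins>
    <plugin>
      <groupId>org.owasp</groupId>
      <artifactId>dependency-check-maven</artifactId>
      <!-- assumed property; pin the plugin version in <properties> -->
      <version>${dependency-check.version}</version>
      <configuration>
        <!-- fail the build when any dependency carries a known CVE with CVSS >= 7 -->
        <failBuildOnCVSS>7</failBuildOnCVSS>
        <!-- assumed file name: reviewed false positives go here, never a blanket exclude -->
        <suppressionFile>dependency-check-suppressions.xml</suppressionFile>
      </configuration>
      <executions>
        <execution>
          <goals>
            <!-- "check" scans and fails; "aggregate" would be used for multi-module reports -->
            <goal>check</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

With this in place a plain `mvn verify` produces the report under `target/` and breaks the build on a qualifying finding; the plugin needs network access (or a mirrored data feed) to update its vulnerability database, which is worth remembering for sandboxed CI agents.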

(more…)

Setting up an OAuth2 Authorization Server and Resource Provider with Spring Boot

Sunday, March 13th, 2016

OAuth2 is a frequently used standard for authorization, and with Spring Boot it is easy to set up an authorization server and a resource server in no time.

In the following short tutorial I’d like to demonstrate how to set up an OAuth2 authorization server, as well as a connected and secured resource server, within a few minutes using Java, Maven and Spring Boot.

(more…)

Snippet: Creating secure Password Hashes in Java with Heimdall

Sunday, July 12th, 2015

These days, when a cheap GPU for about 100 € can compute roughly 3 billion MD5 hashes per second, we not only need to use salts the right way but also need to choose a strong, non-reversible and deliberately slow hashing scheme when storing passwords in our application.

Heimdall is a library that implements a secure and upgradable password hashing mechanism. At the time of writing this article it uses PBKDF2 with HMAC-SHA1, 20000 iterations and a 192-bit (24-byte) salt per password by default.

In the following short examples I’d like to demonstrate how to create password hashes, how to verify passwords and how to check if a password hash needs to be recreated using a more secure algorithm.

(more…)

Java EE: Setting up and Testing Form-Based JDBC Authentication with Arquillian and Maven

Sunday, December 21st, 2014

Especially when it comes to testing, setting up a decent environment for a secured Java EE web application isn’t always an easy thing to do.

In the following tutorial I’d like to demonstrate how to create a secured web application using form-based authentication and a JDBC realm to fetch users and roles, and how to run the application in an embedded container for testing and development.

Additionally I’d like to show how to write and run integration tests that verify the security setup, using Maven, Embedded GlassFish, Arquillian, JUnit and rest-assured.

(more…)
