Owasp on Micha Kops' Tech Notes

Detecting Vulnerable Dependencies with Maven and the OWASP Dependency Check Plugin

Tue, 03 Oct 2017 00:00:00 +0200

On the one hand adding dependencies to a project is easy, on the other hand securing a project and checking for vulnerable dependencies is way harder.

The OWASP dependency check plugin for Maven allows us to scan our project’s dependencies for know vulnerabilities.

I will demonstrate its usage in the following short example.

Figure 1. OWASP Vulnerability Report

Dependencies

We just need to add one plugin-dependency to our Mavenized project’s pom.xml.

Snippet: Creating secure Password Hashes in Java with Heimdall

Sun, 12 Jul 2015 00:00:00 +0200

These days where a cheap GPU for about 100 € is capable to create 3 billion of MD5 Hashes per second, we need not only need to use salts the right way but we also need to choose a strong, non-reversible and slow hashing schemes when storing passwords in our application.

Heimdall is a library that implements a secure and upgradable password hashing mechanism and uses at the time of writing this article PBKDF2 SHA-1 HMAC with 20000 iterations and a 192 bit (24 byte) salt per default.