Year of Security For Java – PDF

As part of wrapping up the past year-long series, I decided to put all of the posts into a single PDF. All of them will remain posted on the site, but you can grab all of the content in one convenient place. Hope you enjoy! Year of Security for Java – Complete Series – […]

Year Of Security for Java – Conclusion and Links

Year Of Security for Java This will serve as the conclusion to a year-long series on security topics for Java. Let’s first look at the original motivations from the series introduction. There are several motivations for this series: 1. Get some old topics written down 2. Research some new technologies 3. Write 4. Learn […]

Year Of Security for Java – Week 52 – Never Stop Improving

What is it and why should I care? Information security is a quickly growing field that is changing rapidly in many ways. We are tasked with securing all sorts of technologies and those technologies are moving quickly. The implication here is that even to maintain the status quo requires significant work. However, we don’t […]

Year Of Security for Java – Week 51 – Document Everything

What is it and why should I care? As I mentioned last week, this series is coming to a close. I also said that I have two concepts that I find myself sharing more than any others. The first I shared last week was to – Think. This week I’ll briefly cover the second […]

Year Of Security for Java – Week 50 – Think

What is it and why should I care? With the current series coming to a close (wow, finally :>), I’m going to do a bit of wrap-up. While all the posts in the series hopefully have something to offer, I’ve saved my 2 most oft-repeated pieces of advice for last. Actually, neither is specific […]

Year Of Security for Java – Week 49 – Collect and Share Your Data

What is it and why should I care? Today’s topic is about two of the areas that are weakest in application security – data collection and sharing. We do a pretty terrible job as an industry in both areas, though there have been some marked improvements in the last couple of years that bring […]

Year Of Security for Java – Week 48 – You Will Get Hacked

What is it and why should I care? You will get hacked. That is not meant to be a sensationalist line, but rather a functional reality in the environment we currently occupy. There are a few reasons I feel safe in stating that assumption: – Many have already been openly hacked, including those that […]

Year Of Security for Java – Week 47 – Store Encryption Keys Securely

What is it and why should I care? Encryption (specifically talking symmetric encryption here) is a critical component of many applications, and the storage of the encryption key can be tricky to get right. Encryption falls under that area of secure programming that you don’t come into contact with casually, hence you might not […]

Year Of Security for Java – Week 46 – Store User Passwords Securely

What is it and why should I care? Note 1: I’ve actually wanted to finish this post for quite a while, but every time I tried, I would do some more research and find more rabbit holes to enter. At this point, I’m going to cut my losses, and post what I have now. […]

Year Of Security for Java – Week 45 – Do Threat Modeling

What is it and why should I care? After the last post covering the concept of a secure SDLC, this week we’ll look at a specific activity recommended by the various secure SDLC models: threat modeling. From the view of the secure SDLC, this is an activity that takes place fairly early in […]