
John Melton's Weblog

Java, Security and Technology

Month: May 2012

Year Of Security for Java – Week 22 – HTTP Parameter Pollution

What is it and why should I care? HTTP Parameter Pollution (HPP) is a technique that allows you to “override or add HTTP GET/POST parameters by injecting query string delimiters”. This term was created and popularized by a 2009 paper that showed you could tinker with request parameters, specifically by sending the same parameter […]

2012/05/31 | john | No Comments

Year Of Security for Java – Week 21 – Anti-Caching Headers

What is it and why should I care? Caching is a mechanism by which browsers and proxy servers store local copies of remote objects in order to improve performance of the system by not having to fetch these items repeatedly. (That’s actually a decent description of caching in general.) Caching is wonderful for performance, […]

2012/05/23 | john | No Comments

Year Of Security for Java – Week 20 – Trust Nothing

What is it and why should I care? While trust spawns interesting philosophical discussions, here I want to discuss the implications of trust within the applications we build. Trust is a funny thing in that we implicitly give it frequently without considering what we’re trusting. A simple example: //bad bad do not use executeDbQuery(“select […]

2012/05/16 | john | No Comments

Year Of Security for Java – Week 19 – Reduce the Attack Surface

What is it and why should I care? Reducing the attack surface of an application or system means reducing the ways that you can interact with the application, and may involve reducing the functionality the application provides. To most business folks, this sounds very, very bad. However, at its core, it’s really just a […]

2012/05/09 | john | No Comments

Year Of Security for Java – Week 18 – Perform Application Layer Intrusion Detection

What is it and why should I care? Application layer intrusion detection is a simple concept that I believe is very, very powerful when it comes to protecting applications. Most of the topics I’ve covered thus far have focused on the development portion of the software life-cycle, but this topic really covers the entire […]

2012/05/01 | john | 2 Comments
