Application Security

Top Security Mistakes to Avoid in AppDev

Zach Gardner | All Industries, Architecture, Articles, Financial, Healthcare, Insurance, Manufacturing, Security, Spring, Supply Chain & Logistics

Developing custom applications is one of the hardest professional endeavors, and making them secure is even harder. Malicious actors are constantly changing tactics and strategies, which, unfortunately, makes it impossible to completely eliminate any security threat.

There needs to be a balance between delivering features quickly to meet business objectives and mitigating security risks. Thankfully, these two goals are not mutually exclusive. This blog post dives into the top mistakes that can be made while developing custom applications.

These recommendations are different from what would commonly be seen in an OWASP list, and they should be used in addition to whatever security practices and procedures are already in place by an organization’s infosec department. These recommendations are also written from an application architect’s (rather than an enterprise infrastructure) perspective, so most of them aren’t covered by existing security checklists.

Solid: A New Web Standard Allowing People to Control Their Own Data

Rik Scarborough | Articles, Development Technologies & Tools, Programming, Security

This post contains a recap of my research into the subject and an exploration of Sir Tim’s so-called new Internet – a technology called Solid. We’ll start by exploring what Solid is, and then we’ll talk about its purposes and how to use it. It’s a pretty cool technology!

So, let’s dive in. What exactly has Sir Tim Berners-Lee created?

Spring Security 5 with OAuth2 Login

Quick Start: Spring Security 5 OAuth2 Login

Brandon Klimek | Articles, Development Technologies & Tools, Security, Spring, Tutorial

Social logins using OAuth2 have become an industry standard. They have revolutionized the way sites share data and have allowed users to quickly access new applications without having to create a new set of credentials. This article gives an example of why OAuth2 was invented and provides a working example of a Spring Security 5 application integrated with Google.

OWASP Dependency Check for Vulnerability Reporting

John Hoestje | Articles, Development Technologies & Tools, Java, Security, Tutorial

TL;DR: Add OWASP Dependency-Check to your build process to get insight into your dependency vulnerabilities.

Recent major data losses and security vulnerabilities in open source frameworks *(and the applications that use them)* have caused the companies that use those frameworks to have elevated concerns regarding vulnerabilities. The elevated awareness is for good reason, too. After all, no one wants to be the next one to lose sensitive data, be the punching bag of others, or be the example of what *not* to do security-wise.

If you happen to be in a group that doesn’t have any open source vulnerability reporting, OWASP Dependency-Check may be your short-term answer to get at least something in place. Adding OWASP Dependency-Check into your build process takes relatively low effort. Other than not having a technology stack that Dependency-Check can help you with, there isn’t a reason not to at least add Dependency-Check to give a little insight into your open source dependencies.

The following parts will help you get Dependency-Check integrated into your Java project’s build process. The instructions will be adaptable to the other technologies Dependency-Check supports, like Gradle or JavaScript. Dependency-Check is also available as a command line tool for your favorite OS. In this example, I’ll use a Java project with Maven….