JSON Web Tokens

JSON Web Tokens With Spring Cloud Microservices

Thomas Kendall Java, JavaScript, Microservices, Security

At Keyhole, we have published several blogs about Microservices. We’ve talked about architectural patterns used in a Microservices environment such as service discovery and circuit breaker. We’ve even posted blogs on platforms and tools, such as the recent blog on Service Fabric. One important piece of the architecture that we have glossed over is the security around Microservices. Specifically, authentication …


Don’t Hate the HATEOAS Part Deux: Springtime for HATEOAS

Billy Korando Java, Spring, Technology Snapshot

In the much belated conclusion to my series on HATEOAS, we will be diving into how to implement HATEOAS using Spring-Data-REST and Spring-HATEOAS. It is springtime for HATEOAS! I put together a functioning project that will demonstrate the code examples I have below as well as a few other features. The project can be found here: https://github.com/in-the-keyhole/hateoas-demo-II. JDK 8 and Maven are …


Don’t just randomize, truly randomize!

Vince Pendergrass Java, JavaScript, Security, Technology Snapshot

The state of web application cryptography has changed, and each development language provides its own way of working with it. I will touch on the current state of random number generation and the differences found with it within the Java and JavaScript development languages. When designing and building web applications, security concerns obviously play a crucial role. The term security …


Top 10 Web Application Security Risks From OWASP

Todd Horn Security

The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software. Its mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. Every few years the organization publishes a top 10 list on web application security risks. First released back in 2003, …