Security

Keeping Your Software Healthy: The Critical Role of Dependency Updates

April 13, 2024

Programming Software-Development Project Management Sdlc Security Devops Best-Practices

Discover best practices for effective dependency management in software development and learn strategies to keep your projects secure, efficient, and free of technical debt. This comprehensive guide covers the critical importance of regularly updating dependencies, utilizing automated tools and processes to streamline dependency management, fostering a culture of proactive updates through incentives and education, and implementing organization-wide dependency management strategies at scale. Whether you’re an application developer, software architect, or engineering manager, this article provides actionable insights to help you master dependency updates and ensure your software stays healthy and high-performing.

Using Self-Signed Multi-Domain Certificates

December 31, 2017

Devops Web Security

Self-signed certificates are usually used for TLS authentication on non-production environments. We’ll discuss here how to generate proper certificate for your server.

Secure Java Coding Best Practices

August 1, 2015

Programming Security Java Web

Making your web application flawless against security attacks is a challenge for every java developer. In this article I will briefly describe common practical development techniques that can help you to achieve it.

Secure Java Logging with Logback

July 26, 2015

Programming Security Java Logging Logback

Deploying application into secure environment adds some restrictions on logging and log management. OWASP community gives some useful recommendations.

API Authentication: Generating HMAC digest in PHP and Java

May 20, 2015

Programming Programming Java Php Security

User authentication is an important part of the web service API design. One of the common approach is the Hash-based Message Authentication Code – HMAC. Used together with transport level security it provides reliable mechanizm of user authentication and message integrity validation.

Web Security Resources

May 3, 2015

Programming Web Security

Here are some useful links to security resources:

OWASP to 10 v.2013– A list of the 10 Most Critical Web Application Security Risks.
OWASP: list of website security attacks
OWASP: list of website vulnerabilities
OWASP Development Guide – The OWASP Developer Guide 2014 is a dramatic re-write of one of OWASP’s first and most downloaded projects. The focus moves from countermeasures and weaknesses to secure software engineering. The Developer Guide 2014 is a “first principles” book - it’s not specific to any one language or framework, as they all borrow ideas and syntax from each other. There are highly specific issues in different languages, such as PHP configuration settings or Spring MVC issues, but we need to look past these differences and apply the basic tenets of secure system engineering to application security.
OWASP Testing Guide (version 4 PDF)
OWASP Enterprise Security API / ESAPI 2.x on GitHub – ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications. The ESAPI libraries also serve as a solid foundation for new development.
OWASP Resources on GitHub
Offensive Security Exploit Database Archive
CVE – CVE is a dictionary of publicly known information security vulnerabilities and exposures.
National Vulnerability Database – NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.