
Web

Java Application Development Tutorial

I’ve been meaning to write a small tutorial on building web applications. Now it’s time! Let’s define the steps and choose some solutions for developing a back-end Java web application.

I will give my design recommendations and list the technologies I would use. You may have your own opinion, and you may share it in the comments. Over time, this post may change since my favourites are also changing over time.

Self-Hosted Web Analytics Solution for AngularJS

There are situations when you need to analyze user experience but can’t use a third-party web analytics solution like Google Analytics or Yandex Metrika, for example if your production environment is PCI DSS compliant. In this case you have to deploy a self-hosted analytics engine inside your environment and configure user action tracking in your application.

One possible solution is Piwik as the analytics engine, plus Angulartics or angular-piwik for tracking events inside the AngularJS application. In addition to web analytics features, Piwik offers log analytics.

Piwik Demo

Another option is to use Open Web Analytics (OWA) and write a plugin for Angulartics. OWA Demo

Web Security Resources

Here are some useful links to security resources:

  • OWASP Top 10 v.2013 – A list of the 10 Most Critical Web Application Security Risks.
  • OWASP: list of website security attacks
  • OWASP: list of website vulnerabilities
  • OWASP Development Guide – The OWASP Developer Guide 2014 is a dramatic re-write of one of OWASP’s first and most downloaded projects. The focus moves from countermeasures and weaknesses to secure software engineering. The Developer Guide 2014 is a “first principles” book - it’s not specific to any one language or framework, as they all borrow ideas and syntax from each other. There are highly specific issues in different languages, such as PHP configuration settings or Spring MVC issues, but we need to look past these differences and apply the basic tenets of secure system engineering to application security.
  • OWASP Testing Guide (version 4 PDF)
  • OWASP Enterprise Security API / ESAPI 2.x on GitHub – ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications. The ESAPI libraries also serve as a solid foundation for new development.
  • OWASP Resources on GitHub
  • Offensive Security Exploit Database Archive
  • CVE – CVE is a dictionary of publicly known information security vulnerabilities and exposures.
  • National Vulnerability Database – NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.