Channel: Secure Software Development » Information Security
Browsing all 15 articles


Securing Mobile Java Code

Mobile code is code sourced from remote, possibly untrusted systems, that is executed on your local system. Mobile code is an optional constraint in the REST architectural style. This post...


A Detailed Look At Persistent Threats

Advanced Persistent Threats (APTs) are sophisticated cyber attacks that have moved from the realm of the military to the mainstream. Since we are now potentially all under attack, it’s imperative that...


Signing Java Code

In a previous post, we discussed how to secure mobile code. One of the measures mentioned was signing code. This post explores how that works for Java programs. Digital Signatures The basis for digital...


XACML Vendor: NextLabs

This is the third in a series of posts where I interview XACML vendors. This time we talk to NextLabs. Why does the world need XACML? What benefits do your customers realize? Over the last 20 years IT...


Sandboxing Java Code

In a previous post, we looked at securing mobile Java code. One of the options for doing so is to run the code in a cage or sandbox. This post explores how to set up such a sandbox for Java...


Permissions in OSGi

In a previous post, we looked at implementing a sandbox for Java applications in which we can securely run mobile code. This post looks at how to do the same in an OSGi environment. OSGi The OSGi...


Using Cryptography in Java Applications

This post describes how to use the Java Cryptography Architecture (JCA) that allows you to use cryptographic services in your applications. Java Cryptography Architecture Services The JCA provides a...


Book review: Secure Programming with Static Analysis

One thing that should be part of every Security Development Lifecycle (SDL) is static code analysis. This topic is explained in great detail in Secure Programming with Static Analysis. Chapter 1, The...


How To Secure an Organization That Is Under Constant Attack

There have been many recent security incidents at well-respected organizations like the Federal Reserve, the US Energy Department, the New York Times, and the Wall Street Journal. If these large...


Is XACML Dead?

XACML is dead. Or so writes Forrester’s Andras Cser. Before I take a critical look at the reasons underlying this claim, let me disclose that I’m a member of the OASIS committee that defines the XACML...


Securing HTTP-based APIs With Signatures

I work at EMC on a platform on top of which SaaS solutions can be built. This platform has a RESTful HTTP-based API, just like a growing number of other applications. With development frameworks like...


How To Start With Software Security

The software security field sometimes feels a bit negative. The focus is on things that went wrong and people are constantly told what not to do. Build Security In One often heard piece of advice is...


How To Start With Software Security – Part 2

Last time, I wrote about how an organization can get started with software security. Today I will look at how to do that as an individual. From Development To Secure Development As a developer, I...


The Decorator Pattern

One design pattern that I don’t see being used very often is Decorator. I’m not sure why this pattern isn’t more popular, as it’s quite handy. The Decorator pattern allows one to add functionality to...


How To Control Access To REST APIs

Exposing your data or application through a REST API is a wonderful way to reach a wide audience. The downside of a wide audience, however, is that it’s not just the good guys who come looking....
