java security | The Blog Pros

March 20, 2022

How to Use JWT Securely

In my articles about Spring Boot Security and LDAP authentication, we implemented JWT as a user information carrier between client and server. You can access those articles from here and here. In this article, we will dig into another concept, usage of JWT securely in a Spring Boot application.

JWT (JSON Web Token) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. You may get detailed information from its official website.

December 23, 2021

Protecting Java Application From Stealing Data and Source Code

Attack Scenarios

In this article, we review possible ways how to inject malware code in JVM/to sniff JVMs traffic/etc. The key objective of this article is to explain how to protect your application. The plan is to perform the next attacks:

Read sensitive data from the dump.
Steal source code by injecting malware in an external dependency.

Stealing Data From Java Dump

If someone got access to the Java process he might be able to read sensitive information like passwords or database addresses. Let's take a look into the next DataSource configuration:

December 18, 2021

Importance of Learning Java for Cybersecurity

As a new generation of threats pop-up, Java has become one of the most-used programming languages for applications, including cybersecurity. If you’re into application development, you’ll know that Java is ubiquitous for daily use. Knowing the language can be useful for a career in cybersecurity.

With that said, it’s vital to learn not only how to read and program Java but also its value in the field of cybersecurity. This will allow you to get one step ahead of hackers and other malicious parties. Here’s why learning Java is a crucial step for cybersecurity.

September 11, 2020

How to Keep Your Java Applications Secure

A little over a year ago, in April 2019, the way most Java users accessed updates for the JDK changed. The reason for this was a combination of changes made by Oracle to how the JDK is developed and the licensing terms of the Oracle JDK.

The Oracle JDK 11 and Oracle JDK 8 (from update 211) now use the Oracle Technology Network License Agreement. This limits free use to only four cases:

June 25, 2020

Top 3 Tips for Ensuring Security During Java Development

Even though Java has been around since the 1990s, it continues to be a popular programming language in the development ecosystem. It is because Java has long demonstrated its value as an A-grade resource that allows developers to effectively deal with the many challenges associated with other prevalent languages and enable the development of high-quality solutions.

Java continues to be celebrated as a terrific programming language that delivers ace levels of security. However, that also does not mean that programmers can take protection for granted. To put it simply, ensuring the safety of your Java app should be one of the top priorities for any company, for, without it, the business is likely to suffer the wrath of consumers' distrust! So, to help you avoid that situation and continue to deliver Java apps with top-notch quality and safety, we have listed some of the best practices that one would do well to adopt and integrate into their Java web application development project.

February 1, 2019

The Magic Behind Burp, ZAP, and Other Proxies

If you build web applications and care about security, you have probably used the Burp and ZAP proxy security tools. These tools perform dynamic analysis of live web applications to identify security vulnerabilities. Burp and ZAP can discover issues with your applications as you navigate through them via a browser. Essentially, it was configured as the "man in the middle" and was able to intercept all traffic between your browser and web application. Have you ever wondered how it is possible to intercept encrypted traffic over https? This article explains how it is done and provides a basic framework for creating your own proxy software.

To get started with Burp and ZAP (from now on, I'll refer to these as simply the "proxy"), you have to decide what port you want the proxy to listen on and configure your browser to use that port as a proxy. In Firefox, to use port 9000, your configuration might look like the following:

January 17, 2019

Keep Your Secrets Away From Code (Consul + Spring)

Consul

According it's documentation, "Consul is a distributed service mesh to connect, secure, and configure services across any runtime platform and public or private cloud."

You can read more about Consul here.

January 16, 2019

Spring Security 5 Form Login With Database Provider

Spring Security is a framework that focuses on providing both authentication and authorization to Java applications. It is one of the most powerful and highly customizable authentication and access control frameworks in the Java ecosystem.

This article is going to focus on Spring Security Form Login which is one of the most necessary parts of web applications. The example I am presenting here is a part of pdf (Programming Discussion Forum), a web application built with Spring 5, Hibernate 5, Tiles, and i18n.