RSS

Tag Archives: Security

Spring Security Basics

Episode 63

Welcome to the next installment of the series about Spring-based web applications development. So far we have covered Angular JS fronted, Spring core, webservices, database access and unit tests. Today we are going to take care of our application security – basic authentication and authorization, users, roles, custom login form and method level security.

70d42d4aaa6aede4b84bde43e3dead63

Spring Security project started as Acegi security around 2004 and initially focused on custom authorization, using standard Java Enterprise Edition container managed authentication. Version 1.0.0 became official Spring sub-project in 2006 and year later was re-branded to Spring Security. Say hello to Alice, Bob and Eve.

Foundations

We should briefly clarify some security terminology, which might sometimes by confusing:

Identification is stating a subject identity, like user name, without yet providing any proof for that (Hi, I’m Alice). Read the rest of this entry »

 
Leave a comment

Posted by on March 30, 2017 in Spring, Technology

 

Tags: , , ,

Software Talks Rzeszów Dec 2016 and banking apps security

Episode 48

Software Talks is a recurring event organized by PGS Software, consisting of tech talks, beer, pizza and a lot of fun. Some time ago I wrote about the two September editions in Wrocław and Gdańsk, in which I took part as a speaker. On December 8th there was another event, this time in Rzeszów, a city located in south-eastern Poland. I was a speaker for the third time in a row, but for the first time with my colleague Tomasz Zieliński, who recently made a lot of noise in Polish banking environment, preparing a report, which exposed several critical security issues and other major problems in their mobile banking applications. If you read my article about working for different types of companies, you might have noticed that I’m not a big fan of banks’ approach to software development, so I’m going to elaborate on Tomasz findings without mercy.

Background

Last time on Software Talks I spoke with Piotr Konieczny, Polish security expert. This time there was an idea to focus more on Java / software development topics, so I was on a mission to find a second Java speaker. I found one, but at the last moment some issues appeared and he couldn’t make it, so his place was taken by Tomasz, who is actually our Android expert.

15192729_1352447311446640_7009143606265597268_n

It was kind of a busy week for me, as I was three days in Berlin with our client, arrived in Wrocław on Wednesday evening, and an hour later I was in a car with Read the rest of this entry »

 
1 Comment

Posted by on December 15, 2016 in News, Technology

 

Tags: , , ,