Awesome news today, my two security sessions at JavaOne 2014 have been accepted! I’ll be speaking about Security starts in the head(er) (CON2371) and 7 security tools and libraries every developer should know (CON2585) (see the session information below). Flight and hotel are booked; hope to see you in San Francisco! Security starts in the […]
Author Archives: Dominik
JSF stateless views and CSRF protection
JavaServer Faces (JSF) – especially since version 2.2 – provides a good Cross-Site Request Forgery (CSRF) protection. To achieve this, every form automatically receives a random hidden token: Nothing more to do for the developer, JSF takes care of comparing the token’s value against the one stored in the server side session. Without the correct […]
A look back at JavaLand 2014
JavaLand 2014 is over, and it has been a great first edition of the conference! It was a great privilege speaking there. The sessions I’ve attended were interesting, I ended up with a lot of new ideas for the weeks to come. The different community activities made it really easy to get in touch with […]
JavaLand interview with Steve Chin/ NightHacking
Unfortunately, todays recording at JavaLand by Steve Chin (NightHacking) did not work out as expected, but one picture remains:
JSF – Referencing resources in stylesheets
I recently ran into some trouble when trying to show a background image in a JSF page which was included via a stylesheet. When using <h:outputStylesheet library=”css” value=”styles/styles.css” name=”styles.css” /> to include the stylesheet into the JSF page, referencing resources (like images) in the CSS file need a special URL form. The typical form html […]
Java-Web-Security – Sichere Webanwendungen mit Java entwickeln
My (German) book Java-Web-Security – Sichere Webanwendungen mit Java entwickeln is available at dpunkt.verlag since February 25th 2014 and of course in every book store out there.
Java Security Myths at Berlin Expert Days on April 3rd/4th 2014
I’ll be speaking about Java Security Myths at Berlin Expert Days (BED-Con) on April 3rd/4th 2014. Hope to see you there, it’s about time to develop secure Java web applications!
JCrypTool 1.0.0 Release Candidate 7 available
JCrypTool 1.0.0 Release Candidate 7 is available for download! We fixed a lot of bugs, enhanced a lot of features and integrated six new crypto plug-ins: New visualization plug-in Extended RSA New visualization plug-in Signature Demonstration New visualization plug-in Public-Key Infrastructure New visualization plug-in Huffman Coding New visualization plug-in Shanks Babystep-Giantstep New games plug-in Divide […]
Java-Web-Security: Sichere Webanwendungen mit Java entwickeln
Early 2014 in a bookstore near you Java-Web-Security: Sichere Webanwendungen mit Java entwickeln (German only, at least at the moment…)
JBoss AS 7 context-root manipulation for web services
I recently had a requirement for web service availability at root context level on JBoss AS 7. Without any configuration, a web service URL (as the rest of the web application) contains the jars’ name like http://localhost:8080/MyJar/MyService/MyEndpoint whereas my desired URL looked like http://localhost:8080/MyService/MyEndpoint without the jars’ name. Adding the jboss-webservices.xml file to the META-INF […]