Awesome news today, my two security sessions at JavaOne 2014 have been accepted! I’ll be speaking about Security starts in the head(er) (CON2371) and 7 security tools and libraries every developer should know (CON2585) (see the session information below). Flight and hotel are booked; hope to see you in San Francisco! Security starts in the… Continue reading My two security sessions at JavaOne 2014
JavaServer Faces (JSF) – especially since version 2.2 – provides good Cross-Site Request Forgery (CSRF) protection. To achieve this, every form automatically receives a random hidden token: Nothing more to do for the developer, JSF takes care of comparing the token’s value against the one stored in the server-side session. Without the correct… Continue reading JSF stateless views and CSRF protection
JavaLand 2014 is over, and it has been a great first edition of the conference! It was a great privilege speaking there. The sessions I’ve attended were interesting, I ended up with a lot of new ideas for the weeks to come. The different community activities made it really easy to get in touch with… Continue reading A look back at JavaLand 2014
Unfortunately, today’s recording at JavaLand by Steve Chin (NightHacking) did not work out as expected, but one picture remains:
I recently ran into some trouble when trying to show a background image in a JSF page which was included via a stylesheet. When using <h:outputStylesheet library="css" value="styles/styles.css" name="styles.css" /> to include the stylesheet into the JSF page, referencing resources (like images) in the CSS file needs a special URL form. The typical form html… Continue reading JSF – Referencing resources in stylesheets
My (German) book Java-Web-Security – Sichere Webanwendungen mit Java entwickeln has been available at dpunkt.verlag since February 25th 2014 and of course in every book store out there.
I’ll be speaking about Java Security Myths at Berlin Expert Days (BED-Con) on April 3rd/4th 2014. Hope to see you there, it’s about time to develop secure Java web applications!
JCrypTool 1.0.0 Release Candidate 7 is available for download! We fixed a lot of bugs, enhanced a lot of features and integrated six new crypto plug-ins: New visualization plug-in Extended RSA New visualization plug-in Signature Demonstration New visualization plug-in Public-Key Infrastructure New visualization plug-in Huffman Coding New visualization plug-in Shanks Babystep-Giantstep New games plug-in Divide… Continue reading JCrypTool 1.0.0 Release Candidate 7 available
Early 2014 in a bookstore near you Java-Web-Security: Sichere Webanwendungen mit Java entwickeln (German only, at least at the moment…)
I recently had a requirement for web service availability at root context level on JBoss AS 7. Without any configuration, a web service URL (as the rest of the web application) contains the JAR’s name, like http://localhost:8080/MyJar/MyService/MyEndpoint, whereas my desired URL looked like http://localhost:8080/MyService/MyEndpoint without the JAR’s name. Adding the jboss-webservices.xml file to the META-INF… Continue reading JBoss AS 7 context-root manipulation for web services