Spring Boot application secured by self-signed HTTPS

In this article we secure our Spring Boot application with HTTPS. First we briefly review TLS/SSL. Then we see how to generate a self-signed certificate and use it to secure a simple Spring Boot application. We call this project Spring Boot HTTPS Seed, and you can grab the code from my GitHub. Continue reading


OAuth 2.0 authentication of a Native Application to a Secured Web API using Azure AD

In this article we briefly explain how a native application client can authenticate itself against Azure AD and obtain an access token in order to safely gain access to a secured Web API. Then a very short example is given using Java and cURL. Continue reading


Security threats in Uploadify

I have a plugin installed in my WordPress which gives me a nice statistical overview of the blog. There is a section in this plugin reporting “Top Links”. Surprisingly, these are the top links:

1.
2.
3.
4.
5.
6.
7.
8.
9.
10.

Well, number 2 shows that many people are interested in my backend rather than the actual content of the blog.

The interesting links are the ones from number 6 onwards! These links just do not exist in my blog, meaning that there are bots somewhere trying to discover these links on the web. In other words, there is an Uploadify thing somewhere which may have some vulnerabilities!! And guess which country is mainly behind these attacks?! Let’s look at the distribution of the visitors of the blog:

Visitors map

 


How PGP works? A simple introduction

Pretty Good Privacy (PGP) is an encryption strategy for encrypting, decrypting, and signing data in general and email/messages in particular. PGP uses two other well-known kinds of cryptography: public-key (asymmetric) and symmetric cryptography. So we first discuss these two ingredients, and then the PGP recipe.
Continue reading
