Building and using FIPS capable OpenSSL in Apache Tomcat

0
This step-by-step guide shows the way to smoothly build FIPS capable OpenSSL library for use in the FIPS 140-2 compliant Tomcat server on Windows...

Taint analysis added to FindBugs

0
After finishing hard-coded passwords detector, I have focused on improving the detection of the most serious security bugs, which could be found by static...
FindBugs GUI

Detection of hard-coded passwords improved

0
In the previous article, I was describing the creation of a new FindBugs detector for hard-coded passwords and cryptographic keys. I also mentioned some...

How we detect vulnerable libraries using OWASP Dependency Check

4
While caring about security of our code is arguably important, it is not enough for building a secure product. Vulnerabilities might also arise from...

Tinkering with ZeroMQ security

3
While choosing the right security layer for messaging via ZeroMQ, there were two main considerations: built-in security CurveZMQ or usage of more conventional TLS...

.NET-Java key agreement made easy

0
In latest project we came across the problem of securing communication, where peers don't share backend language. Our goal was to securely generate shared...
software bug

Extending FindBugs to detect hard-coded passwords

0
FindBugs is a great open source tool for detection of software bugs in Java. It uses static analysis to search compiled classes for hundreds...

Secure Software Development

0
Nowadays, security becomes an important aspect of almost every software system. Unfortunately, it does not necessary mean that security is adequately considered in every...

Secure password storage

0
Most systems today need to handle the user authentication. That means, the password entered during user registration must be stored in the system for later...

Our ODC Analyzer Tool Open-Sourced

0
As I have written some time ago, we use OWASP Dependency check in order to scan our product for known vulnerabilities. But when you...