Y Soft is a Czech-based global company helping businesses with digital transformation. We constantly innovate, collaborate and support each other.
Secure password storage
Most systems today need to handle user authentication. That means the password entered during user registration must be stored in the system for later...
How we detect vulnerable libraries using OWASP Dependency Check
While caring about the security of our code is arguably important, it is not enough for building a secure product. Vulnerabilities might also arise from...
Taint analysis added to FindBugs
After finishing the hard-coded passwords detector, I focused on improving the detection of the most serious security bugs, which could be found by static...
Detection of hard-coded passwords improved
In the previous article, I described the creation of a new FindBugs detector for hard-coded passwords and cryptographic keys. I also mentioned some...
Our ODC Analyzer Tool Open-Sourced
As I wrote some time ago, we use OWASP Dependency Check in order to scan our product for known vulnerabilities. But when you...
Secure Software Development
Nowadays, security is becoming an important aspect of almost every software system. Unfortunately, it does not necessarily mean that security is adequately considered in every...
Extending FindBugs to detect hard-coded passwords
FindBugs is a great open source tool for detection of software bugs in Java. It uses static analysis to search compiled classes for hundreds...
Building and using FIPS capable OpenSSL in Apache Tomcat
This step-by-step guide shows how to smoothly build a FIPS capable OpenSSL library for use in a FIPS 140-2 compliant Tomcat server on Windows...
Tinkering with ZeroMQ security
While choosing the right security layer for messaging via ZeroMQ, there were two main considerations: the built-in CurveZMQ security or the use of more conventional TLS...
.NET-Java key agreement made easy
In our latest project we came across the problem of securing communication where peers don't share a backend language. Our goal was to securely generate shared...