software bug

Extending FindBugs to detect hard-coded passwords

FindBugs is a great open source tool for detecting software bugs in Java. It uses static analysis to search compiled classes for hundreds...

Our ODC Analyzer Tool Open-Sourced

As I wrote some time ago, we use OWASP Dependency Check to scan our product for known vulnerabilities. But when you...

.NET-Java key agreement made easy

In our latest project we came across the problem of securing communication where peers don't share a backend language. Our goal was to securely generate shared...

How we detect vulnerable libraries using OWASP Dependency Check

While caring about the security of our code is arguably important, it is not enough for building a secure product. Vulnerabilities might also arise from...

Building and using FIPS capable OpenSSL in Apache Tomcat

This step-by-step guide shows how to smoothly build a FIPS capable OpenSSL library for use in the FIPS 140-2 compliant Tomcat server on Windows...

Detection of hard-coded passwords improved

In the previous article, I described the creation of a new FindBugs detector for hard-coded passwords and cryptographic keys. I also mentioned some...

Secure password storage

Most systems today need to handle user authentication. That means the password entered during user registration must be stored in the system for later...

Taint analysis added to FindBugs

After finishing the hard-coded passwords detector, I have focused on improving the detection of the most serious security bugs, which could be found by static...

Secure Software Development

Nowadays, security is becoming an important aspect of almost every software system. Unfortunately, it does not necessarily mean that security is adequately considered in every...

Tinkering with ZeroMQ security

While choosing the right security layer for messaging via ZeroMQ, there were two main considerations: the built-in security of CurveZMQ or the use of more conventional TLS...