OWASP Dependency Check, Maven plugin that will improve your security

Recently we made a lot of security improvements on all our sites. It was long needed, and we want to have state-of-the-art security on our websites.

As part of our security projects we went over all of our Maven dependencies, cross-checked them against vulnerability databases and updated most of them. It's pointless to have a secured app if you are running an XML parsing library that allows remote code execution.

This process was very time-consuming and not easily repeatable, so I started looking for a way to automate it. That way we can check all our dependencies with each release, weekly or daily.

Using Byteman To Do Advanced Debugging

At my work we develop web applications using Java EE with the Spring framework. One of our biggest applications has a proxy part to it, meaning that the request goes into it, then goes through the normal filter chain, through Spring Session, through Spring Security, through a lot of custom interceptors, etc. At one point this application decides if the current request should be handled by the application itself or proxied to a CMS page-rendering microservice.
