The Journal (Page 3)

Brennenstuhl on Security Engineering

Learning AssertJ: Null ain't Blank

This AssertJ bug could lead to severe issues: In Java, a blank String is a CharSequence that is empty, null or whitespace only – except when you use AssertJ!

The Purpose of JWT: Stateless Authentication

JSON Web Tokens (JWTs) allow you to establish stateless authentication. I explain why this is important and what the fundamental difference from stateful authentication is.

On Making Spring Security OAuth RFC-compliant

On Fixing Spring Security OAuth: I fixed a small HTTP header extractor for the Spring Security OAuth open source project recently. Here's what happened & what I learned...

Weak Crypto in Google Cloud Platform, GitHub SAML Attack & Twitter Security UX

Want to use JWT for password-reset or email activation? Turn app state into HMAC-keys to guarantee one-time use of JWTs! This is how it works …

Single-Use JWT: Unlocking the Power of Stateless One Time Token

I delve into the transformative potential of JWTs as one-time tokens, exploring their advantages, implementation considerations, and real-world use cases.

Secure Your AWS DynamoDB Data: A Backup & Recovery Strategy for Uninterrupted Business Operations

In this article, I outline a DynamoDB backup and recovery strategy based on Datapipelines, S3 & AWS Lambdas.