Category: Security in Web App *

How To Encrypt Tomcat 8 Connections with Apache or Nginx on Ubuntu 16.04

Introduction: Apache Tomcat is a web server and servlet container designed to serve Java applications. Frequently used in production enterprise deployments and for smaller application needs, Tomcat is both flexible and powerful. In this guide, we will discuss how to secure your Ubuntu 16.04 Tomcat installation with SSL. By default, upon installation, all communication between the Tomcat server and clients is unencrypted, including any passwords entered or any sensitive data. There are a number of […]

The 8 Principles Of Web Security

Web security is based upon 8 basic principles — these are the goals of security.

1. Authentication: Confirm something is authentic. Example: confirming the identity of a user.
2. Authorization: Specify access rights to resources. Example: only Joe can view Joe’s account balance.
3. Confidentiality: Prevent the disclosure of information to unauthorized individuals or systems. Example: message encryption.
4.
5. Data / Message Integrity: Data cannot be modified or corrupted without detection.
6. Availability: Web […]

11 Design Principles for Secure Applications

Some Design Principles for Secure Applications

Software applications come in all sizes — from small embedded systems to large-scale enterprise systems. There are no hard rules or silver bullets regarding what security concerns should be considered for an application, but the following secure design principles can help guide architects and designers alike.

Minimize Attack Surface – Reduce entry points that can be exploited by malicious users
Least Privilege – Just having enough access level to do the […]

Web Service (WS) Security Tutorial with SOAP Example

What is WS Security?

WS Security is a standard that addresses security when data is exchanged as part of a Web service. This is a key feature in SOAP that makes it very popular for creating web services. Security is an important feature in any web application. Since almost all web applications are exposed to the internet, there is always a chance of a security threat to web applications. Hence, when developing web-based applications, it is […]