Java

Application Security Java

Your Java Web App Allows Uploads? I Am SO Sorry!

March 14, 2017 | terrance | Comments (0)

Introduction: Does your Java web application have to allow users to upload files? My condolences! Uploading a file to your web server is like inviting the Trojans to bring in their horse. A big horse, made of wood, that sounds suspiciously hollow. Except for whatever’s rolling around in there. In some cases, that’s literally what’s […]

Application Security Java

Can’t Use Whitelists for your Java Web App? Don’t Abandon Hope!

January 26, 2017 (updated January 30, 2017) | terrance | Comments (0)

We all know protecting input is important. A few posts ago, I talked about one option: using whitelists. Implementing a whitelist means you only allow a certain (generally small) set of characters into your input fields. I pointed out that they’re great for web applications that are very, very focused in their functionality, like a […]

Application Security Java

Protecting Input: Don’t Allow SQL Injection, Java Style!

December 22, 2016 (updated January 30, 2017) | terrance | Comments (0)

Introduction: The problem with databases is that they do what we tell them to. Really, that’s so annoying sometimes! Does that sound like an irrational statement? Unfortunately, it’s not, and that’s because there are malicious folks in the world who would like nothing better than to either steal your data or ruin it. And it’s […]

Application Security Java

Protecting Input: Implement Whitelists

November 16, 2016 (updated January 30, 2017) | terrance | Comments (0)

Introduction: We all know how important it is to keep malicious content from getting into our websites. Many of the most common attacks the Open Web Application Security Project (OWASP) lists, like Injection, Cross-site Scripting, or Unvalidated Redirects and Forwards, are only possible if the application doesn’t disallow bad content. There’s more than one way […]
