Trifork Blog

Axon Framework, DDD, Microservices

Posts Tagged ‘Security’

Introducing GOTO London 2015

June 17th, 2015 by
(http://blog.trifork.com/2015/06/17/introducing-goto-london-2015/)


You Should GOTO This Conference: Software Development That is Agile, Lean and Rugged

Competitive pressures have pushed speed of software development to become one of the highest priorities for businesses today. Improved tools and techniques have moved the state-of-the-art in agile development from pushing monolithic updates every few weeks to a continuous delivery of “micro-services” several times a day. But this move to “run what you wrote” and developer-driven infrastructure means developers are not only delivering products faster today, but are also responsible for the efficiency and safety of those products once they move into production.

This is a major shift in software development, and it forms a narrative that will underlie the programme of the upcoming GOTO London technology conference, which I am helping to organize and which will be held Sept. 14-18.


Session Timeout and Concurrent Session Control with Spring Security and Spring-MVC

February 28th, 2014 by
(http://blog.trifork.com/2014/02/28/session-timeout-and-concurrent-session-control-with-spring-security-and-spring-mvc/)


A web application my team and I are building recently underwent a security review. As usual, because nobody had yet had time to put any real effort into it, some security risks did surface. We use Spring Security and Spring-MVC, and I will talk about implementing a session timeout and concurrent session control: nice subjects from the trenches.

In general, sessions should be managed as restrictively as possible for your web application. Category number two in the OWASP Top Ten security threats of 2013 is broken authentication and session management. Here you can find some nice examples of the problem never lying with the internet itself, but with the human mistakes made in using it.


Web security; a haven for hackers if you’re not careful!

December 4th, 2012 by
(http://blog.trifork.com/2012/12/04/web-security-a-haven-for-hackers-if-youre-not-careful/)
Web security is becoming more and more of an issue. In the Netherlands alone it is at the heart of the daily news. For example, the recent final report from a security company commissioned to investigate the DigiNotar attack shows that the compromise of the now-bankrupt certificate authority was much deeper than initially thought. Or take the instance where a Dutch hospital reported a security breach in which almost 50 confidential patient files were downloaded by a hacker. It is important to bear in mind that it is not just the bigger cases that get coverage in the press: the threat also applies (perhaps even more so!) to smaller companies and systems. This is partly because, more often than not, these organisations have limited access to expert advice, or the third-party tools they have implemented do not cover all the security risks to which many of these web applications are exposed.

The question is what happens if you simply do not know what the risks are, and, more importantly, how to take action to prevent a security breach? Luckily there are a number of open source tools that can help web applications manage the standard exploits. In fact we have been looking into this and will cover it in more detail in our next tech meeting, this Thursday 6th December. In this session we give some background information on some of the solutions available, such as OWASP's 'Zed Attack Proxy' (ZAP), and show how easy it is to apply these checks to your own website.

Register now and don't let web security keep you awake at night and give you nightmares!

Ysis Mobiel – an iPhone app in Healthcare

September 20th, 2012 by
(http://blog.trifork.com/2012/09/20/ysis-mobiel-an-iphone-app-in-healthcare/)

Hi! My name is Byron Voorbach. I have been an intern at Orange11 as a software developer since February 2012. During my time at Orange11 I have been given the opportunity to work on some great applications. Ysis Mobiel for our client GeriMedica is one of those applications. Since I am fairly new to the company, this will hopefully be my first (of many) blog posts.

Ysis Mobiel is an iPhone application for one of our customers in the Healthcare sector, GeriMedica. Please check out the case study to read more about the application and what it does.

The Mobile team at Orange11 has already developed a lot of pretty cool apps. Two that I have been involved with from the sidelines are The New Motion & Learning to Write with Tracy. But with the Ysis Mobiel app I was properly involved from day one, and I really gained insight into how to integrate cool features such as:

  • providing security by logging in users with a simple PIN code
  • giving users the ability to work without an active internet connection
  • finding ways to optimise user interaction within the application, so that users can interact as quickly, easily and effectively as possible

But next to those challenges, I had a real drive to make the application a success. First of all, it is part of a bigger project, the Electronic Health Records (EHR) system that Orange11 develops, and on the other hand, as part of my studies I created something similar to this application, so I could really relate to its purpose. Anyway, the app is in the App Store, and the feedback we have had from GeriMedica to date from the first customer demos is really positive. I am already excited about working on more mobile apps and I look forward to sharing more of my experiences on the Orange11 blog too. For now, you can read more about Ysis Mobiel in the GeriMedica / Ysis Mobiel case study on our website.

Securing connections with TLS

November 10th, 2009 by
(http://blog.trifork.com/2009/11/10/securing-connections-with-tls/)

In this article I'll explore some ways to secure socket communication with TLS from a Java application. To make it more concrete, I'll show you SubEtha SMTP (an excellent Java-based bare-bones SMTP server) and the TLS extensions I recently added to it.

What you’ll get from this article:

  • How to mix secure with insecure communication
  • How to start TLS, server side
  • How to make the connection really safe
  • How to add client authentication
  • How to apply this with SubEtha SMTP

I’ll assume you know Java, understand the concept of a socket and the purpose of TLS/SSL.