Secure coding practices in Java: challenges and vulnerabilities

Secure coding practices in Java: challenges and vulnerabilities Meng et al., ICSE’18

TL;DR: don’t trust everything you read on Stack Overflow.

Meng et al. conduct a study of Stack Overflow posts relating to secure coding practices in Java to find out the hot topics, what people struggle with, and whether or not the accepted answers are actually following security best practices.

We conducted an empirical study on Stack Overflow posts, aiming to understand developers’ concerns on Java secure coding, their programming obstacles, and insecure coding practices. We observed a wide adoption of the authentication and authorization features provided by Spring Security — a third-party framework designed to secure enterprise applications…

Well, how could I resist reading that! (Some readers may know that I was for many years the CTO of SpringSource). Spring Security does come in for some flak in this paper for the high volume of questions that are asked relating to it. There’s no calibration though for underlying popularity. One of the reasons there are a lot of questions, I posit, is that there are an awful lot of users of Spring Security. Spring Boot applications will use Spring Security, and Spring Boot has been growing …

Instructor Spotlight: A Bit About Joseph Holbrook

If you’ve watched any of our Google or Blockchain courses, you may be familiar with Joseph Holbrook. Continue reading to learn more about this talented course author:

Joe Holbrook has been in the IT field since 1993, when he was exposed to several HP-UX systems on board a US Navy flagship. He has migrated from the UNIX world to Storage Area Networking (SAN) and then on to enterprise virtualization and cloud architecture. In the past, Joe has worked for numerous companies such as HDS, 3PAR Data, Brocade, Dimension Data, EMC, Northrop Grumman, ViON, Ibasis.net, Chematch.com, SAIC and Siemens Nixdorf. Currently he is a Subject Matter Expert specializing in cloud and IT security, focused on data storage infrastructure services and data migrations to the cloud.

Joe holds industry-leading certifications from Amazon Web Services, Google Cloud Platform, Brocade, Hitachi Data Systems, EMC, VMware, CompTIA, HP 3PAR ASE, the Cloud Credential Council and other organizations. He is now working on the Google Cloud Platform for several organizations.

Joe is married with children and lives in Jacksonville, Florida. In his free time, he enjoys traveling to South America, spending time with his 5-year-old daughter and learning about cryptocurrencies. He is also an avid hockey fan and enjoys …

Shredding files on Linux

The rm command easily makes files disappear from our file listings, but what does it actually do, and how can we ensure that removed files are unlikely to be recoverable?

A little background

To understand what happens when you remove a file from a Linux system with rm, first think about inodes -- the data structures that keep track of a file's attributes, often called "metadata". An inode records the file's owner and group, its permissions, its size and timestamps, and where the file's contents can be found on the disk. One thing it does not record is the file's name.

Next, think about Linux directories. While they take the appearance and character of folders (i.e., merely containers for holding files), they are actually files themselves -- files that hold no more than the names and inode numbers of the files they "contain". The name lives in the directory entry, not in the inode, which is why a single inode can have several names (hard links). So what we get is a convenient way to think about directories and files in the same way you might think about the folders and paperwork in a file cabinet (if any of you still have one of those).
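As an added example (not code from the article), the following POSIX shell script makes the two points above concrete: rm removes a directory entry, not the inode or its data blocks, and a file's blocks are only unlikely to be recoverable if they are overwritten before they are released. The function names `show_inode`, `rm_leaves_data_reachable` and `secure_delete` are chosen here; the script uses GNU `shred` when it is installed and otherwise overwrites the same byte range with `dd`. One caveat a practitioner should keep in mind, and which the shred manual itself states: overwriting in place assumes the filesystem writes new data over the old blocks. Journaled-data modes, copy-on-write filesystems such as btrfs and ZFS, snapshots and SSD wear levelling break that assumption, and encryption at rest with key destruction is the reliable approach there.

```shell
#!/bin/sh
# Added example, not code from the article. Shows that rm only drops a directory
# entry, and how to overwrite a file's blocks before unlinking it.
# Caveat: in-place overwriting assumes the filesystem rewrites the same blocks.
# Journaled-data modes, copy-on-write filesystems (btrfs, ZFS), snapshots and
# SSD wear levelling can leave copies elsewhere; encrypt at rest in those cases.

# show_inode PATH: print "<inode> <link-count>" for PATH (portable ls -i form).
show_inode() {
    ls -ldi -- "$1" | awk '{print $1, $3}'
}

# rm_leaves_data_reachable: link a second name to the same inode, rm the first
# name, and show the content is still readable. Returns 0 if the data survived.
rm_leaves_data_reachable() {
    dir=$(mktemp -d)
    printf 'still here\n' > "$dir/a"
    ln -- "$dir/a" "$dir/b"          # second directory entry -> same inode
    rm -- "$dir/a"                   # removes one name; link count goes 2 -> 1
    out=$(cat -- "$dir/b")           # inode and data blocks are untouched
    rm -rf -- "$dir"
    [ "$out" = "still here" ]
}

# secure_delete FILE [PASSES]: overwrite FILE's bytes in place PASSES times with
# random data, then with zeros, then unlink it. Prefers GNU shred; falls back to dd.
secure_delete() {
    f=$1
    passes=${2:-3}
    [ -f "$f" ] || { echo "secure_delete: not a regular file: $f" >&2; return 1; }
    if command -v shred >/dev/null 2>&1; then
        # -n random passes, -z final zero pass, -u unlink when done
        shred -n "$passes" -z -u -- "$f"
    else
        size=$(wc -c < "$f" | tr -d ' ')
        if [ "$size" -gt 0 ]; then
            i=0
            while [ "$i" -lt "$passes" ]; do
                # conv=notrunc keeps the size so the same block range is rewritten
                head -c "$size" /dev/urandom | dd of="$f" conv=notrunc 2>/dev/null
                i=$((i + 1))
            done
            head -c "$size" /dev/zero | dd of="$f" conv=notrunc 2>/dev/null
        fi
        rm -f -- "$f"
    fi
    [ ! -e "$f" ]                    # the directory entry must be gone
}

# demo: create a small file holding a constructed (fake) secret, show its inode,
# shred it, then show that plain rm leaves data reachable through a hard link.
demo() {
    tmp=$(mktemp)
    printf 'api_token=%s\n' 'example-not-a-real-token' > "$tmp"
    echo "inode and link count: $(show_inode "$tmp")"
    secure_delete "$tmp" 2 && echo "shredded $tmp"
    rm_leaves_data_reachable && echo "rm alone left the data readable via a hard link"
}

if [ "${1:-}" = "--demo" ]; then
    demo
fi
```

Run it as `sh shred_demo.sh --demo`. The hard-link check is the cheapest way to see for yourself that rm touches the directory, not the data; the overwrite path is only meaningful on filesystems that rewrite in place, so check what you are running on (`findmnt -T FILE` on Linux) before relying on it.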

Automation for Success

Businesses with high growth, complex tasks and repetitive work tend to rely on, or require, automation to meet business challenges. Introducing automation is not without challenges of its own, and sometimes they can be quite significant. Identifying what success looks like is one of the early, crucial activities, because it creates business alignment. The identification exercise highlights the justification for one or more decisions and for the removal of friction. Some of the decisions are not easy to make, and friction is not felt without applying pressure to various parts of an organization.

What follows are a number of scenarios, with some reasoning around the kinds of challenges you are already facing or are likely to face.

If the underlying reasons are known, accepted and aligned on, you have just laid one of the foundational layers for success.

Challenge: High Growth

Great news and bad news: you’re in a business under stress from high growth! There are lots of great challenges to solve, and high pressure from not having solved them yet.

In high-growth businesses, engineers and administrators are not under threat of being “automated out of their job”. If you identify as one of these people, you have an opportunity to learn new skills, be rewarded for finishing projects …

IDG Contributor Network: A technology horror story: The day the marketing guy joined the hackathon

The fifth floor of the cafeteria at Cato’s Israeli office transformed last Thursday morning into a celebration of innovation, coding, and food. Our 2018 Hackathon was kicking off with a sumptuous breakfast buffet decorating the tables, and flags of the 10 project teams dotting the floor-to-ceiling windows that looked out onto southern Tel Aviv.

Hackathons are usually meant for folks who know something about, well, hacking code. But the dynamic duo who conceived and ran the event – Eyal, our director of product management, and Jordana, Cato’s human resources manager – poked, prodded, and dare I say implored, every employee to join the festivities – and I do mean everyone. The call to sign up for Cato’s Hackathon wasn’t just limited to those who could program in C but even employees who could spell with a C – all were encouraged to sign up. Thankfully singing in C wasn't a requirement.