Security

Keycloak High Availability in Cloud environment (AWS) - PART 4/4

All the configuration presented in the previous parts have been settled according to our simulation…

Read More

Keycloak High Availability in Cloud environment (AWS) - PART 3/4

In previous part, we have explained our context and how to configure our infrastructure and…

Read More

Securing your APIs using Okta and a JHipster gateway

A step by step guide on setting up a JHipster application with Okta that provides first class support for system users.…

Read More

Keycloak High Availability in Cloud environment (AWS) - PART 2/4

In the previous first part, we have described the main cloud architecture, according to the…

Read More

Keycloak High Availability in Cloud environment (AWS) - PART 1/4

For those who do not already know the Keycloak product, it is the main IAM…

Read More

Integrating Civic into a Static Serverless Website (part 2 of 2)

This is the second part of this tutorial (first part here). By now your static…

Read More

Integrating Civic into a Static Serverless Website Part 1 of 2

This article describes an application that takes advantage of AWS serverless services to provide a…

Read More

Service Oriented Network Security - AWS Security Group Design

Amazon Web Services is capable of providing the infrastructure to run all of your applications…

Read More

JHipster: Streamlining the Hackathon Experience

For most 24 hour Hackathons, the work starts a week or two prior to the…

Read More

Security White Paper: OWASP - Building Secure Web Applications

Nowadays, software application security absolutely cannot be ignored and every IT professional must take this…

Read More

OWASP Top 10 - A10 Unvalidated Redirects and Forwards

Description If a user is redirected or forwarded to a page defined by an unverified…

Read More

OWASP Top 10 - A9 Using Components with Known Vulnerabilities

Description Known software vulnerabilities are available to everyone on the Internet. If an attacker knows…

Read More

OWASP Top 10 - A8 Cross-Site Request Forgery (CSRF)

Description An attacker sends a request to a website you are authenticated on to execute…

Read More

OWASP Top 10 - A7 Missing Function Level Access Control

Description In a web application with different user roles, authentication is not enough. Each request…

Read More

OWASP Top 10 - A6 Sensitive Data Exposure

Description We have seen in the previous articles that an experienced attacker can easily intercept…

Read More