Tom Jackman

Associate Software Engineer at Red Hat Mobile.

Recent Posts

OpenID Connect Identity Brokering with Red Hat Single Sign-On

Introduction

In this post, I will provide a walk through of how to set up Identity Brokering on an RH-SSO server.

Red Hat Single Sign-On (RH-SSO) provides Web single sign-on and identity federation based on SAML 2.0, OpenID Connect and OAuth 2.0 specifications.

For this tutorial, you will need:

  • An RH-SSO Instance.
  • A Web/Mobile Application with an OpenID Connect adapter.
  • An OpenID Connect Provider Server (Such as Keycloak) to be used as the 3rd Party Identity Provider.

Continue reading “OpenID Connect Identity Brokering with Red Hat Single Sign-On”

Share

The Diamond in the Rough: Effective Vulnerability Management with OWASP DefectDojo

Managing the security of your projects applications can be an overwhelming and unmanageable task. In today’s world, the number of newly created frameworks and languages is continuing to increase and they each have their own security drawbacks associated with them.

The wide variety of security scanners available can help find vulnerabilities in your projects, but some scanners only work with certain languages and they each have different reporting output formats. Creating reports for customers or managers and viewing analytics using different security tools in different projects can be a very time-consuming task.

Continue reading “The Diamond in the Rough: Effective Vulnerability Management with OWASP DefectDojo”

Share

Using Snyk, NSP and Retire.JS to Identify and Fix Vulnerable Dependencies in your Node.js Applications

Introduction

Dependency management isn’t anything new, however, it has become more of an issue in recent times due to the popularity of frameworks and languages, which have large numbers of 3rd party plugins and modules. With Node.js, keeping dependencies secure is an ongoing and time-consuming task because the majority of Node.js projects rely on publicly available modules or libraries to add functionality. Instead of developers writing code, they end up adding a large number of libraries to their applications. The major benefit of this is the speed at which development can take place. However, with great benefits can also come great pitfalls, this is especially true when it comes to security. As a result of these risks, the Open Web Application Security Project (OWASP) currently ranks “Using Components with Known Vulnerabilities” in the top ten most critical web application vulnerabilities in their latest report.

Continue reading “Using Snyk, NSP and Retire.JS to Identify and Fix Vulnerable Dependencies in your Node.js Applications”

Share