According to Wikipedia, entropy is the randomness collected by an operating system or application for use in cryptography or other uses that require random data.
Entropy is often overlooked, misconfigured or forgotten, and a shortage of it can cause sporadic errors such as timeouts, refused connections, etc. Such errors are difficult to debug because they happen only when not enough entropy is available.
This article tries to explain briefly how to check if this can be a problem in a RHEL system and how to fix it.
NOTE: This article is meant to provide some helpful hints about entropy. It is not meant to be exhaustive or definitive. There are hundreds of information sources on the Internet, such as the KCS articles https://access.redhat.com/articles/221583 and https://access.redhat.com/solutions/19866, on which this article is based. Check the bibliography section for more information.
Continue reading “Entropy in RHEL based cloud instances”
It has long been recognized that unconstrained growth of memory usage constitutes a potential denial of service vulnerability. Qualys has shown that such unconstrained growth can be combined with other vulnerabilities and exploited in ways that are more serious.
Continue reading “Stack Clash Mitigation in GCC — Background”
JBoss Application Server ships with the PicketLink module for enabling SAML based SSO.
PicketLink is an open source module and it is SAML v2.0 compliant; for more information about PicketLink please visit picketlink.org.
Now the requirement is to enable SAML based SSO in JBoss Application Server where the IDP is OKTA.
Continue reading “Integrating PicketLink with OKTA for SAML based SSO”
Managing the security of your projects’ applications can be an overwhelming and unmanageable task. In today’s world, the number of newly created frameworks and languages continues to increase, and each of them has its own security drawbacks.
The wide variety of security scanners available can help find vulnerabilities in your projects, but some scanners only work with certain languages, and each has a different reporting output format. Creating reports for customers or managers and viewing analytics across different security tools in different projects can be a very time-consuming task.
Continue reading “The Diamond in the Rough: Effective Vulnerability Management with OWASP DefectDojo”
What is Keycloak?
Although security is a crucial aspect of any application, its implementation can be difficult. Worse, it is often neglected, poorly implemented and intrusive in the code. But lately, security servers have appeared which allow all the authentication and authorization aspects to be outsourced and delegated. Of these servers, one of the most promising is Keycloak: open-source, flexible and agnostic of any technology, it is easily deployable and adaptable within your own infrastructure.
Moreover, Keycloak is more than just an authentication server: it also provides a complete Identity Management system, user federation for third parties like LDAP and a lot more … Check it out here.
The project can also be found on GitHub.
Continue reading “Easily secure your Spring Boot applications with Keycloak”
… with APIs, OpenID, and Microservices, Daria Mayorova and Mark Cheshire from Red Hat 3Scale shared their presentation on how to construct microservice-based applications with the benefits of API management.
Continue reading “Blueprint for Modern Application Architecture”
Expanding on Tristan’s blog, where he spoke of enabling security for JBoss Data Grid caches, in this post we will cover how to add LDAP based security to the JDG caches. The principles and techniques remain defined by Tristan, but there are some minor changes that I will be highlighting in this blog for a successful working configuration of JDG enabled with LDAP security.
Continue reading “Enabling LDAP Security for DataGrid Cache”