The Diamond in the Rough: Effective Vulnerability Management with OWASP DefectDojo

Posted by Tom Jackman on June 23, 2017June 20, 2017

Managing the security of your projects applications can be an overwhelming and unmanageable task. In today’s world, the number of newly created frameworks and languages is continuing to increase and they each have their own security drawbacks associated with them.

The wide variety of security scanners available can help find vulnerabilities in your projects, but some scanners only work with certain languages and they each have different reporting output formats. Creating reports for customers or managers and viewing analytics using different security tools in different projects can be a very time-consuming task.

Continue reading “The Diamond in the Rough: Effective Vulnerability Management with OWASP DefectDojo”

Easily secure your Spring Boot applications with Keycloak

Posted by Sébastien Blanc on May 25, 2017May 30, 2017

What is Keycloak?

Although security is a crucial aspect of any application, its implementation can be difficult. Worse, it is often neglected, poorly implemented and intrusive in the code. But lately, security servers have appeared which allow for outsourcing and delegating all the authentication and authorization aspects. Of these servers, one of the most promising is Keycloak, open-source, flexible, and agnostic of any technology, it is easily deployable/adaptable in its own infrastructure.

Moreover, Keycloak is more than just an authentication server, it also provides a complete Identity Management system, user federation for third parties like LDAP and a lot more … Check it out on here.

The project can also be found on Github

Continue reading “Easily secure your Spring Boot applications with Keycloak”

Blueprint for Modern Application Architecture

Posted by Brian Atkisson on May 3, 2017May 3, 2017

… with APIs, OpenID, and Microservices, Daria Mayorova and Mark Cheshire from Red Hat 3Scale shared their presentation on how to construct microservice-based applications with the benefits of API management.

Continue reading “Blueprint for Modern Application Architecture”

Enabling LDAP Security for DataGrid Cache

Posted by Kamesh on April 13, 2017April 12, 2017

Expanding on Tristan’s blog, where he spoke of enabling security for JBoss Data Grid caches, in this post we will cover how to add LDAP based security to the JDG caches. The principles and techniques remain defined by Tristan, but there are some minor changes that I will be highlighting in this blog for a successful working configuration of JDG enabled with LDAP security.

Continue reading “Enabling LDAP Security for DataGrid Cache”

Using Snyk, NSP and Retire.JS to Identify and Fix Vulnerable Dependencies in your Node.js Applications

Posted by Tom Jackman on April 12, 2017April 7, 2017

Introduction

Dependency management isn’t anything new, however, it has become more of an issue in recent times due to the popularity of frameworks and languages, which have large numbers of 3rd party plugins and modules. With Node.js, keeping dependencies secure is an ongoing and time-consuming task because the majority of Node.js projects rely on publicly available modules or libraries to add functionality. Instead of developers writing code, they end up adding a large number of libraries to their applications. The major benefit of this is the speed at which development can take place. However, with great benefits can also come great pitfalls, this is especially true when it comes to security. As a result of these risks, the Open Web Application Security Project (OWASP) currently ranks “Using Components with Known Vulnerabilities” in the top ten most critical web application vulnerabilities in their latest report.

Continue reading “Using Snyk, NSP and Retire.JS to Identify and Fix Vulnerable Dependencies in your Node.js Applications”

Benchmarking nftables

Posted by Phil on April 11, 2017April 6, 2017

Since I’ve learned about nftables, I heard numerous times that it would provide better performance than its designated predecessor, iptables. Yet, I have never seen actual figures of performance comparisons between the two and so I decided to do a little side-by-side comparison.

Continue reading “Benchmarking nftables”

Diagnosing Function Pointer Security Flaws with a GCC plugin

Posted by Aldy Hernandez and Martin Sebor on March 17, 2017March 14, 2017

A few months ago, I had to write some internal GCC passes to perform static analysis on the GNU C Library (glibc). I figured I might as well write them as plugins since they were unlikely to see the light of day outside of my little sandbox. Being a long time GCC contributor, but having no experience writing plugins I thought it’d be a good way to eat our own dog food, and perhaps write about my experience.

Continue reading “Diagnosing Function Pointer Security Flaws with a GCC plugin”

Blog

Insights and news on Red Hat developer tools, platforms and more

Category: Security